Add brute-force support for insecure app detection

[liron-l]

Currently our insecure app detector only uses insecure connectivity checks. It's important to verify that common apps are not deployed with common naive passwords.

In this feature, we will add additional brute-force detection (based on a pre-defined username/password list) to each app detector. We should also enable the app detector to specify a custom password list (e.g., check password against default password in dockerhub repository page)