XTLS / RealiTLScanner

A TLS server scanner for Reality
Mozilla Public License 2.0

Add options to resolve IP-addresses of cert-domains and filter by their IP-subnet #21

Open PROger4ever opened 8 hours ago

PROger4ever commented 8 hours ago

Problem

When you scan TLS servers in an IP subnet, you can accidentally build a chain of Reality servers that reduces the reliability of our proxy server.

Proposal

We can filter only those TLS servers which are among the IP addresses of the cert domain.

The first option should be like `-resolve-cert-domains`. It splits multiple (?) domains in the cert-domains field, removes the `*.` at the beginning of them, resolves them through DNS queries, and outputs the result to the logs and the CSV file.

The second option should be like `-filter-by-cert-domains-ips`. It marks results as infeasible when the IP addresses of the cert domains do not belong to the scanned IP subnet.

Usage example

Command line:

```shell
./RealiTLScanner -addr 1.2.3.0/24 -resolve-cert-domains -filter-by-cert-domains-ips -out file.csv -v
```

Output:

```
2024/02/08 20:51:10 INFO Connected to target feasible=true host=1.2.3.4 tls=1.3 alpn=h2 domain=domain-with-ip-1-2-3-4-in-dns.com issuer="Let's Encrypt"
```

CSV-file content:

```csv
IP,ORIGIN,CERT_DOMAIN,CERT_DOMAINS_IPS,CERT_ISSUER,GEO_CODE
1.2.3.4,domain-with-ip-1-2-3-4-in-dns.com,"domain-with-ip-1-2-3-4-in-dns.com: 1.2.3.4, 1.2.3.5; domain2.com: 4.3.2.1","Let's Encrypt",US
```
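The resolve-and-filter logic the proposal describes, as an added Go example that is not part of RealiTLScanner or of this issue. It assumes the cert-domains field is a comma- or space-separated list of certificate names, and takes the resolver as a parameter (in a real build you would pass `net.LookupIP`) so the check can be exercised offline.

```go
package main

import (
	"net"
	"strings"
)

// ResolvedDomain is one certificate domain and the addresses it resolves to.
type ResolvedDomain struct {
	Host string
	IPs  []net.IP
}

// ResolveCertDomains splits a cert-domains field on commas or spaces, strips a
// leading "*." from wildcard names and resolves each name in order.
func ResolveCertDomains(certDomains string, resolve func(string) ([]net.IP, error)) []ResolvedDomain {
	var out []ResolvedDomain
	for _, d := range strings.FieldsFunc(certDomains, func(r rune) bool { return r == ',' || r == ' ' }) {
		host := strings.TrimPrefix(d, "*.")
		ips, _ := resolve(host) // an unresolvable name is kept with an empty list
		out = append(out, ResolvedDomain{Host: host, IPs: ips})
	}
	return out
}

// FeasibleInSubnet reports whether any resolved address of a cert domain lies
// inside the scanned subnet; if none does, the result is marked infeasible.
func FeasibleInSubnet(resolved []ResolvedDomain, subnet *net.IPNet) bool {
	for _, rd := range resolved {
		for _, ip := range rd.IPs {
			if subnet.Contains(ip) {
				return true
			}
		}
	}
	return false
}

// FormatCertDomainsIPs renders the proposed CERT_DOMAINS_IPS CSV column.
func FormatCertDomainsIPs(resolved []ResolvedDomain) string {
	var parts []string
	for _, rd := range resolved {
		var addrs []string
		for _, ip := range rd.IPs {
			addrs = append(addrs, ip.String())
		}
		parts = append(parts, rd.Host+": "+strings.Join(addrs, ", "))
	}
	return strings.Join(parts, "; ")
}
```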