detect: add vlan.id keyword - v5

[AkakiAlice]

Ticket: #1065

Make sure these boxes are checked accordingly before submitting your Pull Request -- thank you.

Contribution style:

• I have read the contributing guide lines at
  https://docs.suricata.io/en/latest/devguide/contributing/contribution-process.html

Our Contribution agreements:

• I have signed the Open Information Security Foundation contribution agreement at
  https://suricata.io/about/contribution-agreement/ (note: this is only required once)

Changes (if applicable):

• I have updated the User Guide (in doc/userguide/) to reflect the changes made
• I have updated the JSON schema (in etc/schema.json) to reflect all logging changes
  (including schema descriptions)
• I have created a ticket at
  https://redmine.openinfosecfoundation.org/projects/suricata/issues

Link to ticket: https://redmine.openinfosecfoundation.org/issues/1065
Describe changes:

• Introduce vlan.id keyword

SV_BRANCH=OISF/suricata-verify#2188
Previous PR= #12285

[codecov]

Codecov Report

Attention: Patch coverage is 80.43478% with 36 lines in your changes missing coverage. Please review.

Project coverage is 83.25%. Comparing base (0e4faba) to head (d371e9e).
Report is 17 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #12290      +/-   ##
==========================================
+ Coverage   83.22%   83.25%   +0.02%     
==========================================
  Files         912      914       +2     
  Lines      257311   257811     +500     
==========================================
+ Hits       214154   214646     +492     
- Misses      43157    43165       +8     

Flag	Coverage Δ
fuzzcorpus	61.05% <9.25%> (-0.02%)	⬇️
livemode	19.39% <9.25%> (-0.14%)	⬇️
pcap	44.46% <9.25%> (+0.09%)	⬆️
suricata-verify	62.87% <62.03%> (+0.03%)	⬆️
unittests	59.17% <57.60%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

[jufajardini]

It looks to me that we're almost done, kudos! :)

Shivani's comment made me think of a possible improvement for the doc, I left a comment about that, and two more nit ones.

About the commit message: since we're adding a new keyword with it, it's a good practice (although not always followed) to summarize what are the keyword capabilities and what it is for, on the commit message itself. A good example could be: 3aa313d

[catenacyber]

CI : red, could you rebase because latest master has clippy fixes ?
Code : looking into it now
Commits segmentation : ok
Commit messages : nit Ticket: #1065 instead of Ticket: OISF#1065
Git ID set : looks fine for me
CLA : you already contributed
Doc update : looks good, will review with the code
Redmine ticket : ok
Rustfmt : looks ok for vlan_id.rs
Tests : nice, thanks, added a remark there
Dependencies added: none

[catenacyber]

If you wish, you may also add the syntax sugar any

And you may add also the feature count to match on p->vlan_idx
So you can match on packets without vlan like vlan.id:0, count

[AkakiAlice]

what do you mean by syntax sugar any ?

[catenacyber]

Some code like

if parts[1] == "all" {
// do something
} else if parts[1] == "any" {
// do something else
}...

This is syntax sugar because it does not bring expressivity, just some more explicit readability for rules

[catenacyber]

Great work, needs some polishing, but all good

[inashivb]

Replaced w #12301