TRW should be more flexible in determining what connections to skip

[vern]

[From Eric Thomas, Sandia]

Instead of using a set lookup (the honeypot global) to determine whether
a connection is related to a honeypot, introduce a function variable that
gets set to a function which takes a connection record as input and returns
a boolean. The return value specifies T/F whether the connection is
associated with a honeypot. This function is called in check_TRW_scan
(trw-impl.bro) instead of the set lookup in honeypot.

The default function would do the simple set lookup, as is done now. But it
allows others to create a function that performs more complex operations.