OpenAttackDefenseTools / tulip

Network analysis tool for Attack Defence CTF
GNU General Public License v3.0

Czech assembler features #29

Closed liskaant closed 11 months ago

liskaant commented 1 year ago

And here are a few assembler changes. With actual new features this time:

This is my first time writing something serious in Go, feel free to point out idiomatic mistakes.

Known issues:

  1. When copying PCAPs over and overwriting them, the assembler sometimes shows negative packet counts. This won't explode and appears to eventually parse all packets. But it's weird and I have no idea why it happens.
  2. When a reverse proxy is placed in front of an HTTP service (without the service returning Connection: close), it causes the assembler to put all the packets in one flow. This stops only when the document limit is reached or no traffic is seen for flush-after. I don't think there is a real fix for this but I'm open to ideas.

Thanks for open-sourcing Tulip. Love from Team Czenk :heart:
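The second known issue above is a property of flow-based reassembly rather than a bug in one implementation, so here is a small model of it. This is an added example, not Tulip's assembler and not code from the PR: a toy assembler that keys packets by connection and closes a flow on FIN, on a document (packet) limit, or after an idle period, replayed over constructed HTTP traffic. The connection keys, addresses, paths, the 30 s flush-after value and the `Scenario`/`Requests` helpers are all assumptions made up for the demonstration. It shows that with `Connection: close` each request/response pair becomes its own flow, while a keep-alive connection reused by a reverse proxy collapses every request into one flow that only the document limit or the end of capture splits.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Packet is a constructed stand-in for one TCP segment: connection key,
// capture-relative time, payload, and whether it carries FIN.
type Packet struct {
	Conn    string
	Time    time.Duration
	Payload string
	FIN     bool
}

// Flow is one reassembled document. Reason records why it was closed:
// "fin" (connection ended), "limit" (document limit hit),
// "idle" (no traffic for flushAfter) or "eof" (capture ended).
type Flow struct {
	Conn    string
	Packets []Packet
	Reason  string
}

// Assembler models the three close conditions from the issue (hypothetical,
// simplified; not Tulip's assembler).
type Assembler struct {
	flushAfter time.Duration
	docLimit   int
	open       map[string]*Flow
	Flows      []*Flow
}

func NewAssembler(flushAfter time.Duration, docLimit int) *Assembler {
	return &Assembler{flushAfter: flushAfter, docLimit: docLimit, open: map[string]*Flow{}}
}

func (a *Assembler) close(conn, reason string) {
	f := a.open[conn]
	f.Reason = reason
	a.Flows = append(a.Flows, f)
	delete(a.open, conn)
}

// Feed appends one packet to its flow and applies the close conditions.
func (a *Assembler) Feed(p Packet) {
	// Idle flush: any open flow silent for longer than flushAfter is emitted.
	for conn, f := range a.open {
		if p.Time-f.Packets[len(f.Packets)-1].Time > a.flushAfter {
			a.close(conn, "idle")
		}
	}
	f, ok := a.open[p.Conn]
	if !ok {
		f = &Flow{Conn: p.Conn}
		a.open[p.Conn] = f
	}
	f.Packets = append(f.Packets, p)
	switch {
	case p.FIN:
		a.close(p.Conn, "fin")
	case len(f.Packets) >= a.docLimit:
		a.close(p.Conn, "limit")
	}
}

// Finish emits whatever is still open when the capture ends.
func (a *Assembler) Finish() {
	for conn := range a.open {
		a.close(conn, "eof")
	}
}

// Requests counts HTTP requests in a flow (the constructed traffic uses GET only).
func Requests(f *Flow) int {
	n := 0
	for _, p := range f.Packets {
		if strings.HasPrefix(p.Payload, "GET ") {
			n++
		}
	}
	return n
}

// Scenario replays three request/response pairs. With keepAlive=false each pair
// uses its own connection closed by FIN; with keepAlive=true a proxy reuses one
// upstream connection and never sends FIN. Addresses are constructed.
func Scenario(keepAlive bool, docLimit int) []*Flow {
	a := NewAssembler(30*time.Second, docLimit)
	for i := 0; i < 3; i++ {
		conn := "10.0.0.5:41234->10.0.0.1:80"
		if !keepAlive {
			conn = fmt.Sprintf("10.0.0.5:%d->10.0.0.1:80", 41234+i)
		}
		t := time.Duration(2*i) * time.Second
		a.Feed(Packet{Conn: conn, Time: t,
			Payload: fmt.Sprintf("GET /item%d HTTP/1.1\r\nHost: svc\r\n\r\n", i)})
		a.Feed(Packet{Conn: conn, Time: t + time.Second, FIN: !keepAlive,
			Payload: "HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"})
	}
	a.Finish()
	return a.Flows
}

func main() {
	cases := []struct {
		name      string
		keepAlive bool
		limit     int
	}{{"Connection: close", false, 100}, {"keep-alive", true, 100}, {"keep-alive, limit 4", true, 4}}
	for _, c := range cases {
		fmt.Printf("%s:\n", c.name)
		for _, f := range Scenario(c.keepAlive, c.limit) {
			fmt.Printf("  %d packets, %d requests, closed by %s\n", len(f.Packets), Requests(f), f.Reason)
		}
	}
}
```

The keep-alive case yields a single six-packet flow holding all three requests, closed only at end of capture; lowering the document limit to 4 splits it into a four-packet flow closed by "limit" and a two-packet remainder, which is exactly the behaviour the issue describes when a proxy sits in front of the service.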

RickdeJager commented 11 months ago

Hey, huge thanks for the PR. I did some testing with this PR and #28 and used it in RUCTF and it worked great.

I'll merge this one first because it has more changes. #28 probably needs to be rebased afterwards.