Add query tld, parent domain, and subdomain to the dns_activity class

[hal308]

We would like to add the fields tld, parent domain, and subdomain to the dns query object so we can use those fields to differentiate between different parts of the domain. This is useful when looking for tunneling activity.

query.tld query.parent query.subdomain

[mikeradka]

May be related to https://github.com/ocsf/ocsf-schema/issues/1102