feat: add PumbaLP/adguardhome-dot collection for DoT scanner detection#1797

Open
PumbaLP wants to merge 1 commit into crowdsecurity:master from PumbaLP:feature/adguardhome-dot

@PumbaLP PumbaLP commented May 12, 2026

Adds a parser and scenario to detect port 853 (DNS-over-TLS) scanners targeting AdGuard Home instances.

Port scanners that probe DoT without completing a proper TLS handshake cause repeated "connection reset by peer" errors in AdGuard Home logs. This collection extracts the remote IP from these errors and bans IPs that trigger 5+ resets within 10 minutes.

Components

  • Parser PumbaLP/adguardhome-dot-errors: extracts remote_ip, log_type and service from AdGuard Home DoT error logs
  • Scenario PumbaLP/adguardhome-dot-scan: leaky bucket, capacity 5, leakspeed 10m, grouped by source_ip
  • Collection PumbaLP/adguardhome-dot: bundles both components

What it detects

Port scanners and probers that connect to port 853 (DoT) without completing a proper TLS handshake. These appear as repeated "connection reset by peer" errors in AdGuard Home logs.

What it does NOT detect

  • DoQ (port 8853 or 853/udp) – no remote IP in logs
  • Direct DoH (port 443) – no remote IP in logs
  • DoH via Nginx reverse proxy – use crowdsecurity/nginx-logs instead

Testing

Two hubtests are included:

  • adguardhome-dot-errors: validates parser extracts source_ip, log_type and service correctly
  • adguardhome-dot-scan: validates scenario coverage with 6 events from same IP

Tested in production against AdGuard Home v0.107.x running in Docker.

Closes #1753

Checklist

  • I have read the contributing guide
  • I have tested my changes locally
  • For new parsers or scenarios, tests have been added
  • I have run the hub linter and no issues were reported (see contributing guide)
  • Automated tests are passing
  • AI was used to generate any/all content of this PR

Parser: PumbaLP/adguardhome-dot-errors
- Extracts remote IP from AdGuard Home DoT connection reset errors
- Detects port 853 scanners that fail TLS handshake

Scenario: PumbaLP/adguardhome-dot-scan
- Bans after 5 resets within 10 minutes from same IP
- Tested against AdGuard Home v0.107.x in production

Closes: crowdsecurity#1753
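The parser and leaky-bucket scenario described in this PR, reimplemented in Python as an added example (the collection itself ships CrowdSec YAML; this is not that code). The log lines are constructed for the example and the exact wording and layout of AdGuard Home's DoT error message is an assumption, so the regex may need adjusting against real logs. The bucket follows CrowdSec's leaky-bucket semantic, where the bucket overflows once it holds more than `capacity` events: with capacity 5 and leakspeed 10m, the sixth reset from one IP before enough has leaked trips the overflow, which is why the hubtest feeds 6 events from the same IP.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed log shape (constructed; real AdGuard Home wording may differ):
#   <date> <time>.<usec> [error] <service>: ... read tcp <local>:853-><remote>:<port>: read: connection reset by peer
# Remote address may be IPv4 or a bracketed IPv6 literal.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\S* \[error\] (?P<service>[\w-]+): "
    r".*?:853->(?:\[(?P<remote6>[0-9a-fA-F:.]+)\]|(?P<remote4>\d+\.\d+\.\d+\.\d+)):\d+: "
    r".*connection reset by peer"
)


@dataclass
class Event:
    ts: datetime
    remote_ip: str   # maps to source_ip in the CrowdSec scenario
    log_type: str
    service: str


def parse_line(line: str) -> Optional[Event]:
    """Parser stage: extract remote_ip, log_type and service from a DoT reset error."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S")
    remote = m.group("remote6") or m.group("remote4")
    return Event(ts, remote, "dot_connection_reset", m.group("service"))


@dataclass
class LeakyBucket:
    """One bucket per source IP: each event adds one unit, one unit leaks every `leakspeed`."""
    capacity: int
    leakspeed: timedelta
    level: float = 0.0
    last: Optional[datetime] = None

    def push(self, ts: datetime) -> bool:
        # Leak continuously for the time elapsed since the previous event.
        if self.last is not None:
            self.level = max(0.0, self.level - (ts - self.last) / self.leakspeed)
        self.last = ts
        self.level += 1
        if self.level > self.capacity:     # overflow: capacity+1 events still in the bucket
            self.level, self.last = 0.0, None   # bucket is destroyed after overflow
            return True
        return False


def detect(lines, capacity: int = 5, leakspeed: timedelta = timedelta(minutes=10)):
    """Scenario stage: return (remote_ip, timestamp) for every bucket overflow."""
    buckets = defaultdict(lambda: LeakyBucket(capacity, leakspeed))
    overflows = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # not a DoT reset error, or no remote IP to key on
        if buckets[ev.remote_ip].push(ev.ts):
            overflows.append((ev.remote_ip, ev.ts))
    return overflows


def _reset(t: str, remote: str, port: int) -> str:
    # Helper to build constructed sample lines in the assumed format.
    return (f"2026/05/12 {t}.000000 [error] dnsproxy: handling tls connection: "
            f"read tcp 10.0.0.2:853->{remote}:{port}: read: connection reset by peer")


# Constructed sample log: a burst of 6 resets from one IP, a single IPv6 reset,
# and 3 resets from another IP spread 30 minutes apart (each leaks out before the next).
SAMPLE_LOG = [
    "2026/05/12 10:00:00.000000 [info] dnsproxy: starting dns-over-tls listener",
    *[_reset(f"10:00:0{i}", "203.0.113.5", 50000 + i) for i in range(1, 7)],
    "2026/05/12 10:05:00.000000 [error] dnsproxy: handling tls connection: "
    "read tcp [fd00::2]:853->[2001:db8::7]:40000: read: connection reset by peer",
    _reset("10:10:00", "198.51.100.7", 41000),
    _reset("10:40:00", "198.51.100.7", 41001),
    _reset("11:10:00", "198.51.100.7", 41002),
]

if __name__ == "__main__":
    for ip, ts in detect(SAMPLE_LOG):
        print(f"overflow: {ip} at {ts}")   # only 203.0.113.5 should appear
```

The IPv6 branch and the continuous leak are the two edge cases worth checking when porting this to a grok pattern: a bracketed `[addr]:port` remote must not be split on the wrong colon, and a slow prober spaced wider than the leakspeed never accumulates, which is the intended behaviour of a 10m leak rather than a bug.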
Development

Successfully merging this pull request may close these issues.

[Hub] Add PumbaLP/adguardhome-dot collection