Some script reorg and a new intel extension script.

- policy/frameworks/intel/seen is the new location for the scripts
    that push data into the intel framework for checking.

  - The new policy/frameworks/intel/do_notice script adds an example
    mechanism for data driven notices.

scripts/policy/frameworks/intel/seen/http-host-header.bro

@@ -0,0 +1,11 @@
+@load base/frameworks/intel
+@load ./where-locations
+
+event http_header(c: connection, is_orig: bool, name: string, value: string)
+	{
+	if ( is_orig && name == "HOST" )
+		Intel::seen([$indicator=value,
+		             $indicator_type=Intel::DOMAIN,
+		             $conn=c,
+		             $where=HTTP::IN_HOST_HEADER]);
+	}