Add an example of a GridFTP data channel detection script.

It relies on the heuristics of GridFTP data channels commonly default to
SSL mutual authentication with a NULL bulk cipher and that they usually
transfer large datasets (default threshold of script is 1 GB).  The
script also defaults to skip_further_processing() after detection to try
to save cycles analyzing the large, benign connection.

Also added a script in base/protocols/conn/polling that generalizes the
process of polling a connection for interesting features.  The GridFTP
data channel detection script depends on it to monitor bytes
transferred.

testing/btest/scripts/base/protocols/conn/polling.test

@@ -0,0 +1,20 @@
+# @TEST-EXEC: bro -b -r $TRACES/http-100-continue.trace %INPUT >out1
+# @TEST-EXEC: btest-diff out1
+# @TEST-EXEC: bro -b -r $TRACES/http-100-continue.trace %INPUT stop_cnt=2 >out2
+# @TEST-EXEC: btest-diff out2
+
+@load base/protocols/conn
+
+const stop_cnt = 10 &redef;
+
+function callback(c: connection, cnt: count): interval
+	{
+	print "callback", c$id, cnt;
+	return cnt >= stop_cnt ? -1 sec : .2 sec;
+	}
+
+event new_connection(c: connection)
+	{
+	print "new_connection", c$id;
+	ConnPolling::watch(c, callback, 0, 0secs);
+	}