ldap: Fix substring filter parsing and rendering

The initial (prefix) and final (suffix) strings are specified individually
with a variable number of "any" matches that can occur between these.
The previous implementation assumed a single string and rendered it
as *<string>*.

Reported and PCAP provided by @martinvanhensbergen, thanks!

Closes zeek/spicy-ldap#27

testing/btest/scripts/base/protocols/ldap/ldap_substring_search.zeek

@@ -0,0 +1,13 @@
+# Copyright (c) 2024 by the Zeek Project. See LICENSE for details.
+
+# @TEST-REQUIRES: have-spicy
+# @TEST-EXEC: zeek -b -C -r ${TRACES}/ldap/ldap_star_single.pcap %INPUT >output 2>&1
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: cat conn.log | zeek-cut -m ts uid history service > conn.log2 && mv conn.log2 conn.log
+# @TEST-EXEC: btest-diff conn.log
+# @TEST-EXEC: btest-diff ldap_search.log
+#
+# @TEST-DOC: Test substring filter parsed and rendered properly when initial and final are present, but no anys.
+
+@load base/protocols/conn
+@load base/protocols/ldap