XMPP: Fix detection of StartTLS when using namespaces

The starttls command will sometimes be issued with a namespace prefix, e.g. as
<ns2:starttls xmlns:ns2='urn:ietf:params:xml:ns:xmpp-tls'/>. The XMPP
analyzer did not handle this scenario correctly.

This is very similar to the following ejabberd bug:
https://support.process-one.net/browse/EJAB-1123
Johanna Amann 2016-10-24 11:54:47 -07:00
parent c57f83d8bf
commit 89f9315fb0


@ -11,6 +11,11 @@ refine connection XMPP_Conn += {
function proc_xmpp_token(is_orig: bool, name: bytestring, rest: bytestring): bool
%{
string token = std_str(name);
// Result will either be text after ":" or original string; this discards the namespace
string token_no_ns = std_str(name);
auto offset = token_no_ns.find(":");
if ( offset != std::string::npos && token_no_ns.length() > offset + 1 )
token_no_ns = token_no_ns.substr(offset + 1);
if ( is_orig && token == "stream:stream" )
// Yup, looks like xmpp...
@ -21,10 +26,10 @@ refine connection XMPP_Conn += {
// Handshake has passed the phase where we should see StartTLS. Simply skip from hereon...
bro_analyzer()->SetSkip(true);
if ( is_orig && token == "starttls" )
if ( is_orig && ( token == "starttls" || token_no_ns == "starttls" ) )
client_starttls = true;
if ( !is_orig && token == "proceed" && client_starttls )
if ( !is_orig && ( token == "proceed" || token_no_ns == "proceed" ) && client_starttls )
{
bro_analyzer()->StartTLS();
BifEvent::generate_xmpp_starttls(bro_analyzer(), bro_analyzer()->Conn());
@ -32,7 +37,7 @@ refine connection XMPP_Conn += {
else if ( !is_orig && token == "proceed" )
reporter->Weird(bro_analyzer()->Conn(), "XMPP: proceed without starttls");
//printf("Processed: %d %s %s \n", is_orig, c_str(name), c_str(rest));
// printf("Processed: %d %s %s %s \n", is_orig, c_str(name), c_str(rest), token_no_ns.c_str());
return true;
%}
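Review bot: The "proceed without starttls" branch in the last hunk still compares the raw name (`else if ( !is_orig && token == "proceed" )`), so a namespaced `<ns:proceed/>` that arrives without a preceding starttls is silently ignored instead of raising the weird that the un-prefixed form does; it should use the same stripped form as the branch above it, `else if ( !is_orig && token_no_ns == "proceed" )`. Because `token_no_ns` is identical to `token` whenever the name contains no colon, the `token == "starttls" ||` and `token == "proceed" ||` halves of the two new conditions are redundant, and `token_no_ns == "starttls"` / `token_no_ns == "proceed"` alone would read clearer. The stripping code also discards whatever precedes the first ':' without checking which xmlns URI that prefix is bound to, so any prefix qualifies; that looks like a deliberate heuristic for an analyzer, but the comment on the stripping line should state it, e.g. `// Strip any namespace prefix (text before the first ':'); the prefix's xmlns binding is not validated`. proc_xmpp_token spans all three hunks and the lines between them are not shown here.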