mirror of
https://github.com/zeek/zeek.git
synced 2025-10-03 23:28:20 +00:00
Merge remote-tracking branch 'origin/topic/vladg/bit-1641'
* origin/topic/vladg/bit-1641:
  Logic fix for ssh/main.bro when the auth status is indeterminate, and fix a test. Addresses BIT-1641.
  Clean up the logic for ssh_auth_failed. Addresses BIT-1641
  Update baselines for adding a field to ssh.log as part of BIT-1641
  Script-land changes for BIT-1641.
  Change SSH.cc to use ssh_auth_attempted instead of ssh_auth_failed. Addresses BIT-1641.
  Revert "Fixing duplicate SSH authentication failure events."
  Create new SSH events ssh_auth_attempt and ssh_auth_result. Add auth_attempts to SSH::Info. Address BIT-1641.

I extended the tests a bit and did some small cleanups. I also moved the SSH events back to the global namespace for backwards compatibility and for consistency (the way it was at the moment, some of them were global some SSH::).

Furthermore, I fixed the ssh_auth_result result event, it was only raised in the success case. ssh_auth_result is now also checked in the testcases.

I also have a suspicion that the intel integration never really worked before.

BIT-1641 #merged
commit 8ce746cc25
14 changed files with 312 additions and 126 deletions
|
@ -3,3 +3,9 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/ssh/ssh.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff ssh.log
|
||||
# @TEST-EXEC: btest-diff conn.log
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
event ssh_auth_result(c: connection, result: bool, auth_attempts: count)
|
||||
{
|
||||
print "auth_result", c$uid, result, auth_attempts;
|
||||
}
|
||||
|
|
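Review bot: The ssh_auth_result handler added at the end of this test is the only event the new .stdout baseline records, so the per-attempt event this merge introduces is not pinned by the lines shown here. Consider adding a second handler that prints each attempt alongside c$uid, and confirm that ssh.trace contains at least one connection where result is F: the merge message says ssh_auth_result was previously raised only in the success case, and a trace with only successful logins would not catch a regression of that fix. A short comment above the handler stating what the baseline is meant to guard (result and auth_attempts per connection) would also help whoever next has to update it.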