Add a revised script for detecting HTTP SQL injection, deprecate original

scripts/policy/protocols/http/detect-sqli.zeek

@@ -1,5 +1,20 @@
 ##! SQL injection attack detection in HTTP.
 
+## This package is deprecated in favor of detect-sql-injection.zeek.
+##
+## The replacement script annotates the notices it generates with
+## an associated $uid connection identifier; always provides an attacker
+## IP address in the $src field; and always provides a victim IP address
+## in the $dst field. The notices generated by this script, on the other
+## hand, lack a $uid identifier, and do not provide $dst information.
+## In addition, for SQL_Injection_Victim notices, this script provides the
+## victim's IP address in the $src field, which some find counter-intuitive.
+##
+## In addition, the replacement script removes support for generating
+## Notice emails.
+
+@deprecated "Remove in v8.1: Switch to the improved detect-sql-injection script"
+
 @load base/frameworks/notice
 @load base/frameworks/sumstats
 @load base/protocols/http