Add SSH scan support with BSI TR-02102-4 compliance

- SSH scanning via ssh-audit (KEX, encryption, MAC, host keys)
- BSI TR-02102-4 and IANA compliance validation for SSH
- CSV/Markdown/reST reports for SSH results
- Unified compliance schema and database views
- Code optimization: modular query/writer architecture

tests/fixtures/iana_xml/tls-parameters-minimal.xml

@@ -1,4 +1,4 @@
-<?xml version='1.0' encoding='UTF-8'?>
+<?xml version='1.0' encoding='UTF-8' ?>
 <registry xmlns="http://www.iana.org/assignments" id="tls-parameters">
   <title>Transport Layer Security (TLS) Parameters</title>
   <category>Transport Layer Security (TLS)</category>
@@ -12,35 +12,35 @@
       <description>TLS_AES_128_GCM_SHA256</description>
       <dtls>Y</dtls>
       <rec>Y</rec>
-      <xref type="rfc" data="rfc8446"/>
+      <xref type="rfc" data="rfc8446" />
     </record>
     <record>
       <value>0x13,0x02</value>
       <description>TLS_AES_256_GCM_SHA384</description>
       <dtls>Y</dtls>
       <rec>Y</rec>
-      <xref type="rfc" data="rfc8446"/>
+      <xref type="rfc" data="rfc8446" />
     </record>
     <record>
       <value>0x00,0x9C</value>
       <description>TLS_RSA_WITH_AES_128_GCM_SHA256</description>
       <dtls>Y</dtls>
       <rec>N</rec>
-      <xref type="rfc" data="rfc5288"/>
+      <xref type="rfc" data="rfc5288" />
     </record>
     <record>
       <value>0x00,0x2F</value>
       <description>TLS_RSA_WITH_AES_128_CBC_SHA</description>
       <dtls>Y</dtls>
       <rec>N</rec>
-      <xref type="rfc" data="rfc5246"/>
+      <xref type="rfc" data="rfc5246" />
     </record>
     <record>
       <value>0x00,0x0A</value>
       <description>TLS_RSA_WITH_3DES_EDE_CBC_SHA</description>
       <dtls>Y</dtls>
       <rec>N</rec>
-      <xref type="rfc" data="rfc5246"/>
+      <xref type="rfc" data="rfc5246" />
     </record>
   </registry>
 
@@ -51,21 +51,21 @@
       <description>secp256r1</description>
       <dtls>Y</dtls>
       <rec>Y</rec>
-      <xref type="rfc" data="rfc8422"/>
+      <xref type="rfc" data="rfc8422" />
     </record>
     <record>
       <value>24</value>
       <description>secp384r1</description>
       <dtls>Y</dtls>
       <rec>Y</rec>
-      <xref type="rfc" data="rfc8422"/>
+      <xref type="rfc" data="rfc8422" />
     </record>
     <record>
       <value>29</value>
       <description>x25519</description>
       <dtls>Y</dtls>
       <rec>Y</rec>
-      <xref type="rfc" data="rfc8446"/>
+      <xref type="rfc" data="rfc8446" />
     </record>
   </registry>
 
@@ -76,21 +76,99 @@
       <description>ecdsa_secp256r1_sha256</description>
       <dtls>Y</dtls>
       <rec>Y</rec>
-      <xref type="rfc" data="rfc8446"/>
+      <xref type="rfc" data="rfc8446" />
     </record>
     <record>
       <value>0x0804</value>
       <description>rsa_pss_rsae_sha256</description>
       <dtls>Y</dtls>
       <rec>Y</rec>
-      <xref type="rfc" data="rfc8446"/>
+      <xref type="rfc" data="rfc8446" />
     </record>
     <record>
       <value>0x0401</value>
       <description>rsa_pkcs1_sha256</description>
       <dtls>Y</dtls>
       <rec>N</rec>
-      <xref type="rfc" data="rfc8446"/>
+      <xref type="rfc" data="rfc8446" />
+    </record>
+  </registry>
+
+  <registry id="tls-parameters-6">
+    <title>TLS Alert Messages</title>
+    <record>
+      <value>0</value>
+      <description>close_notify</description>
+      <dtls>Y</dtls>
+      <rec>Y</rec>
+      <xref type="rfc" data="rfc8446" />
+    </record>
+    <record>
+      <value>10</value>
+      <description>unexpected_message</description>
+      <dtls>Y</dtls>
+      <rec>Y</rec>
+      <xref type="rfc" data="rfc8446" />
+    </record>
+    <record>
+      <value>20</value>
+      <description>bad_record_mac</description>
+      <dtls>Y</dtls>
+      <rec>Y</rec>
+      <xref type="rfc" data="rfc8446" />
+    </record>
+    <record>
+      <value>40</value>
+      <description>handshake_failure</description>
+      <dtls>Y</dtls>
+      <rec>Y</rec>
+      <xref type="rfc" data="rfc8446" />
+    </record>
+    <record>
+      <value>80</value>
+      <description>internal_error</description>
+      <dtls>Y</dtls>
+      <rec>Y</rec>
+      <xref type="rfc" data="rfc8446" />
+    </record>
+  </registry>
+
+  <registry id="tls-parameters-5">
+    <title>TLS ContentType</title>
+    <record>
+      <value>20</value>
+      <description>change_cipher_spec</description>
+      <dtls>Y</dtls>
+      <rec>N</rec>
+      <xref type="rfc" data="rfc8446" />
+    </record>
+    <record>
+      <value>21</value>
+      <description>alert</description>
+      <dtls>Y</dtls>
+      <rec>Y</rec>
+      <xref type="rfc" data="rfc8446" />
+    </record>
+    <record>
+      <value>22</value>
+      <description>handshake</description>
+      <dtls>Y</dtls>
+      <rec>Y</rec>
+      <xref type="rfc" data="rfc8446" />
+    </record>
+    <record>
+      <value>23</value>
+      <description>application_data</description>
+      <dtls>Y</dtls>
+      <rec>Y</rec>
+      <xref type="rfc" data="rfc8446" />
+    </record>
+    <record>
+      <value>24</value>
+      <description>heartbeat</description>
+      <dtls>Y</dtls>
+      <rec>Y</rec>
+      <xref type="rfc" data="rfc6520" />
     </record>
   </registry>
 </registry>