detect: log app-layer metadata in alert with single tx

[catenacyber]

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/7199

May also solve https://redmine.openinfosecfoundation.org/issues/7406 and https://redmine.openinfosecfoundation.org/issues/7350

Describe changes:

• detect: log app-layer metadata in alert with single tx

SV_BRANCH=OISF/suricata-verify#2141

Is this the right way to solve most of the cases as I remember discussing with someone ?

#12158 with removing redundant check for pflow->alstate

[victorjulien]

I think this is a bit vague. The point is that there is only one tx over the lifetime of the flow (so far), so not just one "active" tx. Think the git message can be more clear on this as well.

[catenacyber]

I think this code checks if there is one active transaction, not just one over the whole lifetime...

Am I wrong ?

[catenacyber]

Fixed this in next version

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 49.84%. Comparing base (bd7d38e) to head (7bec7d5).

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #12161      +/-   ##
==========================================
+ Coverage   49.81%   49.84%   +0.03%     
==========================================
  Files         909      909              
  Lines      257904   257902       -2     
==========================================
+ Hits       128467   128552      +85     
+ Misses     129437   129350      -87     

Flag	Coverage Δ
fuzzcorpus	61.03% <100.00%> (+0.08%)	⬆️
livemode	19.43% <16.66%> (+<0.01%)	⬆️
pcap	44.43% <100.00%> (+0.02%)	⬆️
suricata-verify	62.74% <100.00%> (-0.01%)	⬇️
unittests	8.98% <0.00%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

[catenacyber]

Next in #12166