userguide: explain rule types and categorization - v5

[jufajardini]

Add documentation about the rule types introduced by 2696fda.

Add doc tags around code definitions that are referenced in the docs.

Task #https://redmine.openinfosecfoundation.org/issues/7031

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
I guess this covers https://redmine.openinfosecfoundation.org/issues/7031

Built docs: https://suri-rtd-test.readthedocs.io/en/doc-sigtypes-et-properties-v5/rules/intro.html#rule-types-and-categorization

Previous PR: #12111

Describe changes: (tried to) address feedback:

• add another rule with negated IP address
• change Decode Events rule type to Decoder Events, since that's how they're defined in the original commit message
• fix clang format error
• s/Scope/Action Scope
• s/starts with/startswith

[victorjulien]

2 more things I missed previously, sorry

[victorjulien]

dce_stub_data or dcerpc.stub_data (last is newer, so use that)

[victorjulien]

should this be directly under the (*) note?

[jufajardini]

Will move it back there.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 83.28%. Comparing base (278dc24) to head (8123018).

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #12112      +/-   ##
==========================================
+ Coverage   83.23%   83.28%   +0.05%     
==========================================
  Files         906      906              
  Lines      257647   257647              
==========================================
+ Hits       214458   214588     +130     
+ Misses      43189    43059     -130     

Flag	Coverage Δ
fuzzcorpus	61.32% <ø> (+0.11%)	⬆️
livemode	19.42% <ø> (ø)
pcap	44.43% <ø> (+<0.01%)	⬆️
suricata-verify	62.71% <ø> (+<0.01%)	⬆️
unittests	59.28% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

[jufajardini]

Feedback incorporated: #12113