FEAT: Service Scanner - TLS certificate details and STARTTLS detection

## Split from #47

Issue #47 (Service Scanner - protocol probes) has been **substantially completed**.

### Completed (in current codebase)
- ✅ SSH probe - detects OpenSSH version (`pkg/suricata/scanner/probes.go` lines 160-185)
- ✅ HTTP probe - server header and response code (lines 87-130)
- ✅ TLS probe - TLS version detection (lines 132-158)
- ✅ MySQL probe - version from handshake (lines 187-222)
- ✅ SMTP probe - banner detection (lines 224-249)
- ✅ Additional: FTP, POP3, IMAP, DNS probes
- ✅ CLI access via `nftban suricata scan deep`

### This Issue: Remaining Enhancements
- [ ] TLS certificate CN (Common Name) extraction
- [ ] TLS certificate expiry date extraction
- [ ] SMTP STARTTLS capability detection
- [ ] Optional: Add `nftban services --probe` alias

## Technical Context

Current TLS probe only extracts version:
```go
// probeHTTPS() - missing cert details
conn, err := tls.Dial("tcp", addr, &tls.Config{InsecureSkipVerify: true})
// Only TLS version is captured, not certificate details
```

## Acceptance Criteria
- [ ] `nftban suricata scan deep` shows certificate CN
- [ ] `nftban suricata scan deep` shows certificate expiry
- [ ] SMTP probe reports STARTTLS support (yes/no)
- [ ] Results stored in service registry

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

FEAT: Service Scanner - TLS certificate details and STARTTLS detection #54

Split from #47

Completed (in current codebase)

This Issue: Remaining Enhancements

Technical Context

Acceptance Criteria

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

FEAT: Service Scanner - TLS certificate details and STARTTLS detection #54

Description

Split from #47

Completed (in current codebase)

This Issue: Remaining Enhancements

Technical Context

Acceptance Criteria

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions