Massive adjustments, to accommodate keywords with leading content, or…

… keywords with trailing content. Also make the call to keyword function more efficient, one call instead of every element. Added ability to modify disparate parts of the rule such as for the DNS.query function modifying Alert dns to alert udp