
ja3 and ja3s hashes are mapped differently across multiple data sources #972

Open
pcoccoli opened this issue May 27, 2022 · 1 comment

@pcoccoli (Contributor)

Is your feature request related to a problem? Please describe.
qradar, elastic_ecs, and darktrace connectors all map ja3 and ja3s hashes to different extensions:

Describe the solution you'd like
ja3 and ja3s are hashes derived from the client and server parts of the TLS handshake. They would be more useful if all data sources that map them do it consistently. Perhaps a common extension on network-traffic?

Describe alternatives you've considered
None

Additional context
Background info on ja3/ja3s: https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967

Current mappings:

./elastic_ecs/stix_translation/json/stix_2_1/to_stix_map.json:2155:      "ja3": {
./elastic_ecs/stix_translation/json/stix_2_1/to_stix_map.json:2156:        "key": "x-ecs-tls.client_ja3",
./elastic_ecs/stix_translation/json/stix_2_1/to_stix_map.json:2203:      "ja3s": {
./elastic_ecs/stix_translation/json/stix_2_1/to_stix_map.json:2204:        "key": "x-ecs-tls.server_ja3s",
./elastic_ecs/stix_translation/json/to_stix_map.json:2183:      "ja3": {
./elastic_ecs/stix_translation/json/to_stix_map.json:2184:        "key": "x-ecs-tls.client_ja3",
./elastic_ecs/stix_translation/json/to_stix_map.json:2231:      "ja3s": {
./elastic_ecs/stix_translation/json/to_stix_map.json:2232:        "key": "x-ecs-tls.server_ja3s",
./qradar/stix_translation/json/stix_2_1/to_stix_map.json:610:  "tlsja3hash": {
./qradar/stix_translation/json/stix_2_1/to_stix_map.json:611:    "key": "x-qradar.tls_ja3_hash",
./qradar/stix_translation/json/stix_2_1/to_stix_map.json:614:  "tlsja3shash": {
./qradar/stix_translation/json/stix_2_1/to_stix_map.json:615:    "key": "x-qradar.tls_ja3s_hash",
./qradar/stix_translation/json/to_stix_map.json:609:  "tlsja3hash": {
./qradar/stix_translation/json/to_stix_map.json:610:    "key": "x-qradar.tls_ja3_hash",
./qradar/stix_translation/json/to_stix_map.json:613:  "tlsja3shash": {
./qradar/stix_translation/json/to_stix_map.json:614:    "key": "x-qradar.tls_ja3s_hash",
./darktrace/stix_translation/json/stix_2_1/to_stix_map.json:373:		"ja3_client_fingerprint": [
./darktrace/stix_translation/json/stix_2_1/to_stix_map.json:375:				"key": "x509-certificate.extensions.x-darktrace-ssl.ja3_client_fingerprint",
./darktrace/stix_translation/json/stix_2_1/to_stix_map.json:379:		"ja3s_server_fingerprint": [
./darktrace/stix_translation/json/stix_2_1/to_stix_map.json:381:				"key": "x509-certificate.extensions.x-darktrace-ssl-ext.ja3s_server_fingerprint",
./darktrace/stix_translation/json/to_stix_map.json:373:		"ja3_client_fingerprint": [
./darktrace/stix_translation/json/to_stix_map.json:375:				"key": "x509-certificate.extensions.x-darktrace-ssl.ja3_client_fingerprint",
./darktrace/stix_translation/json/to_stix_map.json:379:		"ja3s_server_fingerprint": [
./darktrace/stix_translation/json/to_stix_map.json:381:				"key": "x509-certificate.extensions.x-darktrace-ssl.ja3s_server_fingerprint",
@pcoccoli (Contributor Author)

pcoccoli commented Jun 1, 2022

Note that the darktrace module creates an extension on x509-certificate when ja3/ja3s hashes are done on the TLS handshake, not the certificate.
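The following is an added example, not code from the stix-shifter project or from this issue. It illustrates the two points made above: that JA3/JA3S are derived from ClientHello/ServerHello fields (so they describe the TLS connection rather than the certificate, which is why an extension on x509-certificate is the wrong home), and what a normaliser to one common network-traffic extension could look like. The source keys are copied from the grep output in the issue; the target extension name `x-tls-ext` and its `ja3`/`ja3s` properties are assumptions for this example, and the handshake values in the `__main__` block are constructed.

```python
"""Added example (not stix-shifter code): derive JA3/JA3S from handshake
fields and move the per-connector STIX keys quoted in issue #972 to one
assumed common extension on network-traffic."""
import hashlib
import re
from typing import Dict, Iterable, List


# --- 1. Fingerprint derivation (JA3 as defined by the original JA3 tooling) --

def _is_grease(value: int) -> bool:
    """GREASE values (RFC 8701) look like 0x?A?A with both bytes equal; JA3 drops them."""
    return (value & 0x0F0F) == 0x0A0A and (value >> 8) == (value & 0xFF)


def _join(values: Iterable[int]) -> str:
    return "-".join(str(v) for v in values if not _is_grease(v))


def ja3_string(version: int, ciphers, extensions, curves, point_formats) -> str:
    """Client side: SSLVersion,Ciphers,Extensions,EllipticCurves,EllipticCurvePointFormats."""
    return ",".join([str(version), _join(ciphers), _join(extensions),
                     _join(curves), _join(point_formats)])


def ja3s_string(version: int, cipher: int, extensions) -> str:
    """Server side: SSLVersion,Cipher,Extensions (the ServerHello selects one cipher)."""
    return ",".join([str(version), str(cipher), _join(extensions)])


def fingerprint(s: str) -> str:
    """JA3/JA3S hash is the MD5 hex digest of the fingerprint string."""
    return hashlib.md5(s.encode("ascii")).hexdigest()


# --- 2. Normalisation to a common extension ---------------------------------

# Per-connector source keys copied from the issue's grep output (STIX 2.0 and
# 2.1 maps; the darktrace 2.1 map spells the ja3s extension 'x-darktrace-ssl-ext').
SOURCE_KEYS: Dict[str, Dict[str, List[str]]] = {
    "elastic_ecs": {"ja3": ["x-ecs-tls.client_ja3"],
                    "ja3s": ["x-ecs-tls.server_ja3s"]},
    "qradar": {"ja3": ["x-qradar.tls_ja3_hash"],
               "ja3s": ["x-qradar.tls_ja3s_hash"]},
    "darktrace": {
        "ja3": ["x509-certificate.extensions.x-darktrace-ssl.ja3_client_fingerprint"],
        "ja3s": ["x509-certificate.extensions.x-darktrace-ssl.ja3s_server_fingerprint",
                 "x509-certificate.extensions.x-darktrace-ssl-ext.ja3s_server_fingerprint"],
    },
}

# Assumed common target (hypothetical name, not defined by the project).
COMMON_KEYS = {
    "ja3": "network-traffic.extensions.x-tls-ext.ja3",
    "ja3s": "network-traffic.extensions.x-tls-ext.ja3s",
}

_HEX32 = re.compile(r"[0-9a-f]{32}")


def normalize(connector: str, props: Dict[str, str]) -> Dict[str, str]:
    """Return a copy of `props` (flat 'object.property' keys, as in the 'key'
    fields of to_stix_map.json) with the connector's JA3/JA3S values moved to
    the common keys. Unknown connectors are left untouched. A value that is
    not a 32-character hex digest is rejected instead of propagated, so a
    mis-mapped field cannot masquerade as a fingerprint."""
    out = dict(props)
    for kind, sources in SOURCE_KEYS.get(connector, {}).items():
        for src in sources:
            value = out.pop(src, None)
            if value is None:
                continue
            value = value.lower()
            if not _HEX32.fullmatch(value):
                raise ValueError(f"{connector}: {src} is not a JA3-style hash: {value!r}")
            out[COMMON_KEYS[kind]] = value
    return out


if __name__ == "__main__":
    # Constructed handshake values: 771 = TLS 1.2, IANA cipher/extension ids,
    # with a GREASE cipher (0x1A1A) and GREASE extension (0x2A2A) that JA3 ignores.
    client = ja3_string(771, [0x1A1A, 4865, 4866, 49195], [0x2A2A, 0, 23, 65281], [29, 23], [0])
    server = ja3s_string(771, 4865, [0, 51])
    sample = {  # constructed darktrace-style output, as the current map produces it
        "x509-certificate.serial_number": "00",
        "x509-certificate.extensions.x-darktrace-ssl.ja3_client_fingerprint": fingerprint(client),
        "x509-certificate.extensions.x-darktrace-ssl-ext.ja3s_server_fingerprint": fingerprint(server),
    }
    for key, value in normalize("darktrace", sample).items():
        print(f"{key} = {value}")
```

Running the module prints the certificate property unchanged and the two fingerprints under the common network-traffic keys. The hex-digest check is deliberate: a consolidated extension is only worth having if every connector feeding it is known to supply a real fingerprint rather than, say, a raw cipher list.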
