tests: add pgsql cancel request tests

Showcase CancelRequest postgresql message output.

Related to
Task #6577

tests/pgsql/pgsql-cancel-request/README.md

@@ -0,0 +1,19 @@
+# Test Description
+
+Showcase Suricata output and behavior when it inspects PostgreSQL traffic where
+a `CancelRequest` message is sent.
+
+A CancelRequest message is sent by the FrontEnd (client) when it wants to cancel
+a Query. It is sent to a new port, so this creates a new transaction. No direct
+message is sent to confirm that the CancelRequest was processed, but if it is,
+the transaction/process waiting for the Query will receive an Error Message
+indicating that the Query was canceled (cf
+https://www.postgresql.org/docs/16/protocol-flow.html#PROTOCOL-FLOW-CANCELING-REQUESTS).
+
+## PCAP
+
+Shared by Jason Ish, sample of a local query to a sample local database.
+
+## Related issues
+
+Task for adding pgsql message: https://redmine.openinfosecfoundation.org/issues/6577

tests/pgsql/pgsql-cancel-request/suricata.yaml

@@ -0,0 +1,17 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      filename: eve.json
+      types:
+        - pgsql
+        - flow
+
+app-layer:
+  protocols:
+    pgsql:
+      enabled: yes
+

tests/pgsql/pgsql-cancel-request/test.yaml

@@ -0,0 +1,91 @@
+requires:
+   min-version: 8
+args:
+- -k none
+- --set stream.midstream=true
+
+checks:
+- filter:
+    count: 1
+    match:
+      dest_ip: 100.96.199.113
+      dest_port: 5432
+      event_type: pgsql
+      pgsql.request.message: SSL Request
+      pgsql.response.ssl_accepted: false
+      pgsql.tx_id: 1
+      src_ip: 100.88.2.140
+      src_port: 39704
+- filter:
+    count: 1
+    match:
+      dest_ip: 100.96.199.113
+      dest_port: 5432
+      event_type: pgsql
+      pgsql.request.protocol_version: '3.0'
+      pgsql.request.startup_parameters.optional_parameters[0].database: rules
+      pgsql.request.startup_parameters.optional_parameters[1].application_name: psql
+      pgsql.request.startup_parameters.optional_parameters[2].client_encoding: UTF8
+      pgsql.request.startup_parameters.user: rules
+      pgsql.tx_id: 2
+      src_ip: 100.88.2.140
+      src_port: 39704
+- filter:
+    count: 1
+    match:
+      dest_ip: 100.96.199.113
+      dest_port: 5432
+      event_type: pgsql
+      pgsql.response.message: authentication_ok
+      pgsql.response.parameter_status[0].application_name: psql
+      pgsql.response.process_id: 28954
+      pgsql.response.secret_key: 889887985
+      pgsql.tx_id: 3
+      src_ip: 100.88.2.140
+      src_port: 39704
+- filter:
+    count: 1
+    match:
+      dest_ip: 100.96.199.113
+      dest_port: 5432
+      event_type: pgsql
+      pcap_cnt: 23
+      pgsql.request.simple_query: select pg_sleep(9)
+      pgsql.response.code: '57014'
+      pgsql.response.field_count: 1
+      pgsql.response.file: postgres.c
+      pgsql.response.line: '3211'
+      pgsql.response.message: canceling statement due to user request
+      pgsql.response.routine: ProcessInterrupts
+      pgsql.response.severity_localizable: ERROR
+      pgsql.response.severity_non_localizable: ERROR
+      pgsql.tx_id: 4
+      src_ip: 100.88.2.140
+      src_port: 39704
+- filter:
+    count: 1
+    match:
+      dest_ip: 100.96.199.113
+      dest_port: 5432
+      event_type: pgsql
+      pgsql.request.message: termination_message
+      pgsql.tx_id: 5
+      src_ip: 100.88.2.140
+      src_port: 39704
+- filter:
+    count: 1
+    match:
+      dest_ip: 100.96.199.113
+      dest_port: 5432
+      event_type: pgsql
+      pgsql.request.secret_key: 889887985
+      pgsql.request.message: cancel_request
+      pgsql.request.process_id: 28954
+      pgsql.tx_id: 1
+      src_ip: 100.88.2.140
+      src_port: 39706
+- filter:
+    count: 2
+    match:
+      app_proto: pgsql
+      event_type: flow