security/zeek: Update to 4.0.2

https://github.com/zeek/zeek/releases/tag/v4.0.2

This release fixes several potential DoS vulnerabilities:

  • Fix potential Undefined Behavior in decode_netbios_name() and decode_netbios_name_type() BIFs. The latter has a possibility of a remote heap-buffer-overread, making this a potential DoS vulnerability.
  • Add some extra length checking when parsing Mobile IPv6 packets. Due to the possibility of reading invalid headers from remote sources, this is a potential DoS vulnerability.

Other fixes:

  • Fix heap-use-after-free after clear_table() on a table that uses expiration attributes.
  • Add fatal error if table/Dictionary state ever becomes invalid, since the behavior becomes unexpected/unclear at that point (e.g. when table bucket positions become large enough to overflow their 16-bit storage due to aggressive expiration-check settings preventing the re-positioning of items)
  • Add missing "zeek/" to header includes; the omission can prevent external plugins from compiling against a Zeek source tree (e.g. via ./configure --zeek-dist=)
  • Fix reading empty set[enum] values and any vector of enum values from config files
  • Fix type-checks related to list-type equality

Reported by: Tim Wojtulewicz
MFH: 2021Q2
Security: a550d62c-f78d-4407-97d9-93876b6741b9
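Both DoS fixes above come down to the same defect class: a parser that reads a fixed-size structure (the 32-character NetBIOS encoded name, the Mobility Header whose "Header Len" field is attacker-controlled) without first confirming that many bytes are actually present in the buffer. The following is an added example, written for this page and not taken from Zeek; it implements bounds-checked decoders for the two formats named in the release notes, using the encodings from RFC 1001 and RFC 6275. The function names (nb_decode_name, nb_decode_name_type, mh_parse), the struct layout and the sample inputs are this example's own constructions and are not Zeek's BIFs or data structures.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* NetBIOS first-level encoding (RFC 1001 section 14.1): every byte of the
 * 16-byte NetBIOS name is split into two nibbles and each nibble is sent as
 * one ASCII character 'A'..'P'.  The 16th byte is the name type (suffix).
 * A decoder that assumes the full 32-character form is always present reads
 * past the end of a shorter buffer; these functions take an explicit length
 * and refuse anything that does not fit.  (Example code, not Zeek's.) */

#define NB_NAME_LEN 16
#define NB_ENCODED_LEN (2 * NB_NAME_LEN)

/* Decode an encoded name into out.  Returns the number of decoded bytes, or
 * 0 if the input is empty or odd-length, contains a byte outside 'A'..'P',
 * or would not fit in out. */
size_t nb_decode_name(const uint8_t *in, size_t in_len,
                      uint8_t *out, size_t out_len)
{
    if (in == NULL || out == NULL || in_len == 0 || (in_len & 1) != 0)
        return 0;
    size_t n = in_len / 2;
    if (n > out_len)
        return 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t hi = in[2 * i], lo = in[2 * i + 1];
        if (hi < 'A' || hi > 'P' || lo < 'A' || lo > 'P')
            return 0;
        out[i] = (uint8_t)(((hi - 'A') << 4) | (lo - 'A'));
    }
    return n;
}

/* Extract only the name type, i.e. the 16th decoded byte.  Returns 1 and
 * stores the type on success, 0 if fewer than 32 encoded bytes are present
 * (exactly the case in which an unchecked decoder would over-read). */
int nb_decode_name_type(const uint8_t *in, size_t in_len, uint8_t *type)
{
    uint8_t name[NB_NAME_LEN];
    if (in == NULL || type == NULL || in_len < NB_ENCODED_LEN)
        return 0;
    /* Decode exactly the 32 bytes that form the name; any trailing data
     * (for example a scope ID) is ignored rather than trusted. */
    if (nb_decode_name(in, NB_ENCODED_LEN, name, sizeof name) != NB_NAME_LEN)
        return 0;
    *type = name[NB_NAME_LEN - 1];
    return 1;
}

/* Mobile IPv6 Mobility Header (RFC 6275 section 6.1).  "Header Len" counts
 * 8-octet units excluding the first 8, so the header occupies
 * (hdr_len + 1) * 8 bytes.  That value comes from the wire, so the parser
 * must confirm the buffer really holds that much before using it. */
struct mh_fixed {
    uint8_t  payload_proto;
    uint8_t  hdr_len;
    uint8_t  mh_type;
    uint8_t  reserved;
    uint16_t checksum;          /* big-endian on the wire, host order here */
};

/* Returns the full header length in bytes if the buffer holds a complete
 * Mobility Header, or 0 if it is truncated or otherwise malformed. */
size_t mh_parse(const uint8_t *pkt, size_t len, struct mh_fixed *hdr)
{
    if (pkt == NULL || hdr == NULL || len < 8)
        return 0;                       /* fixed part alone needs 8 bytes */
    size_t total = ((size_t)pkt[1] + 1) * 8;
    if (total > len)
        return 0;                       /* declared length exceeds captured data */
    hdr->payload_proto = pkt[0];
    hdr->hdr_len = pkt[1];
    hdr->mh_type = pkt[2];
    hdr->reserved = pkt[3];
    hdr->checksum = (uint16_t)((pkt[4] << 8) | pkt[5]);
    return total;
}

int main(void)
{
    /* Constructed sample: "TEST" padded with spaces, type 0x1D. */
    static const uint8_t enc[] = "FEEFFDFECACACACACACACACACACACABN";
    uint8_t name[NB_NAME_LEN], type = 0;
    if (nb_decode_name(enc, NB_ENCODED_LEN, name, sizeof name) == NB_NAME_LEN &&
        nb_decode_name_type(enc, NB_ENCODED_LEN, &type))
        printf("name=%.15s type=0x%02x\n", (const char *)name, type);
    /* Truncated to 31 bytes: an unchecked decoder would read enc[31]. */
    printf("short name accepted: %d\n", nb_decode_name_type(enc, 31, &type));

    /* Constructed Mobility Header claiming 16 bytes with only 12 captured. */
    static const uint8_t mh_short[12] = { 59, 1, 5, 0, 0x12, 0x34 };
    struct mh_fixed h;
    printf("truncated MH accepted: %zu\n", mh_parse(mh_short, sizeof mh_short, &h));
    return 0;
}
```

The useful property is that every read is gated on a length the caller passes in, never on a length the packet claims for itself: nb_decode_name_type refuses a 31-byte input instead of reading byte 32, and mh_parse rejects a header whose declared size exceeds the captured bytes. Fuzzing a parser written this way with ASan should find no over-reads on truncated inputs; a crash there is the DoS this release closes.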

Provenance: leres, authored on Jun 3 2021, 12:14 AM
Parent: R11:29ff3797d89e: security/vuxml: Mark zeek < 4.0.2 as vulnerable as per: