Add support for json '-e' fields

[IrPgFKS0]

This request adds support that standardizes the json output (using '-e ' flags) by removing multidimensional json field nesting, and in turn will increase parsing speeds (see added support flags below)...

custom_parameters = [
    '-e', 'ip.src',
    '-e', 'ip.dst',
    '-e', 'http.file_data']

Output generated by tshark with above '-e <field>' flags:
{
    "_index": "packets-2021-02-02",
    "_type": "pcap_file",
    "_score": null,
    "_source": {
      "layers": {
        "ip.src": [
          "216.58.195.78"
        ],
        "ip.dst": [
          "10.0.0.10"
        ],
        "http.file_data": [
          "<HTML><HEAD><meta http-equiv=\"content-type\" content=\"text/html;charset=utf-8\">\n<TITLE>301 Moved<\/TITLE><\/HEAD><BODY>\n<H1>301 Moved<\/H1>\nThe document has moved\n<A HREF=\"http://www.google.com/\">here<\/A>.\r\n<\/BODY><\/HTML>\r\n"
        ]
      }
    }
  }

[BMWE]

@IrPgFKS0, Can you please do the same for other pdml?

[IrPgFKS0]

What do you want from the pdml output that you cannot get from json? On another note if you are looking for the fastest way to read and parse JSON tshark output "-T ek" is really the best, the below project is a pretty good example of this.

https://github.com/vichargrave/espcap

He is using a synchronized process which is fine if the post-processing is minimal, but if you are running CPU bound tasks on the same proc I recommend "multiprocessing Pipe" to dedicate a processor to reading the "tshark" output and writing to a pipe, and a dedicated processor for reading from the pipe and any post-processing tasks (I am using that for CPU bound entropy calculations on the payloads).