feat: add threshold-based alert for out-of-window segments #32

@Zious11

Summary

The max_receive_window check (added in #12) silently drops segments, recording only a counter (segments_out_of_window). A high count could indicate misconfiguration, evasion, or capture corruption, but it produces no actionable feedback.

Proposal

Add a threshold-based alert similar to the existing overlap and small-segment alerts:

  • Track out_of_window_count per flow direction
  • Fire a Finding when count exceeds threshold (e.g., 100)
  • Category: Anomaly, Verdict: Inconclusive, Confidence: Low
  • Include max_receive_window value in evidence

Context

Industry practice (Suricata/Zeek) is counter-only for individual drops, but Zeek logs to weird.log, which provides visibility. wirerust's equivalent would be a threshold-based Finding.
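A sketch of the proposed tracker as an added example, not wirerust's own code: the Finding fields, the Direction enum, the threshold constant and the evidence format are assumptions for illustration. It counts per flow direction, fires once when the count exceeds the threshold, and carries max_receive_window in the evidence.

```rust
// Added illustration of the proposal above; type names and the threshold
// value are assumptions, not wirerust's actual API.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Direction {
    ClientToServer = 0,
    ServerToClient = 1,
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Finding {
    pub category: &'static str,   // "Anomaly"
    pub verdict: &'static str,    // "Inconclusive"
    pub confidence: &'static str, // "Low"
    pub evidence: String,
}

/// Threshold suggested in the proposal (e.g., 100); assumed tunable.
pub const OUT_OF_WINDOW_THRESHOLD: u32 = 100;

/// Per-flow state: one counter and one "already fired" flag per direction,
/// so a noisy flow yields a single Finding rather than one per segment.
#[derive(Default)]
pub struct OutOfWindowTracker {
    counts: [u32; 2],
    fired: [bool; 2],
}

impl OutOfWindowTracker {
    /// Record one segment dropped by the max_receive_window check.
    /// Returns a Finding the first time this direction's count exceeds
    /// OUT_OF_WINDOW_THRESHOLD; otherwise None (counter-only, as today).
    pub fn record_drop(&mut self, dir: Direction, max_receive_window: u32) -> Option<Finding> {
        let i = dir as usize;
        self.counts[i] += 1;
        if self.counts[i] > OUT_OF_WINDOW_THRESHOLD && !self.fired[i] {
            self.fired[i] = true;
            return Some(Finding {
                category: "Anomaly",
                verdict: "Inconclusive",
                confidence: "Low",
                evidence: format!(
                    "{:?}: {} segments outside max_receive_window={}",
                    dir, self.counts[i], max_receive_window
                ),
            });
        }
        None
    }

    pub fn count(&self, dir: Direction) -> u32 {
        self.counts[dir as usize]
    }
}
```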
