
Fix DNS CAA check for IP scans and subdomains #3041

Open

grhza wants to merge 1 commit into testssl:3.3dev from grhza:3.3dev


Conversation


@grhza grhza commented May 21, 2026

For context, I'm a penetration tester and a few folks at the company have pointed out CAA false positives in our reports because of testssl. Also, IP scans were not returning 100% reliable output. Decided to have a go at fixes and submit this PR :)

Following changes made:

  • Skip CAA lookup entirely when NODE is an IP address; show "not checked (IP address scan)" instead of spuriously querying IP octets as domain labels and reporting "not offered"
  • Force FQDN (trailing dot) on the initial caa_node before the walk loop so dig does not apply the resolv.conf search domain to the first query, which could return a false result
  • Add a visible warning in the scan header when scanning by IP address, noting that trust/CAA and other domain-specific checks may be unreliable and the user should rescan with the hostname

Describe your changes

Please refer to an issue here or describe the change thoroughly in your PR.

What is your pull request about?

  • [X] Bug fix
  • [X] Improvement
  • [ ] New feature (adds functionality)
  • [ ] Breaking change (bug fix, feature or improvement that would cause existing functionality to not work as expected)
  • [ ] Typo fix
  • [ ] Documentation update
  • [ ] Update of other files

If it's a code change please check the boxes which are applicable

  • [X] For the main program: My edits contain no tabs, indentation is five spaces and line endings do not contain any blank chars
  • [X] I've read CONTRIBUTING.md and Coding_Convention.md
  • [X] I have tested this fix or improvement against >=2 hosts and I couldn't spot a problem
  • [ ] I have tested this new feature against >=2 hosts which show this feature and >=2 hosts which do not (in order to avoid side effects). I couldn't spot a problem
  • [ ] For the new feature I have made corresponding changes to the documentation and / or to help()
  • [ ] If it's a bigger change: I added myself to CREDITS.md (alphabetical order) and the change to CHANGELOG.md

- Skip CAA lookup entirely when NODE is an IP address; show
  "not checked (IP address scan)" instead of spuriously querying
  IP octets as domain labels and reporting "not offered"
- Force FQDN (trailing dot) on the initial caa_node before the
  walk loop so dig does not apply the resolv.conf search domain
  to the first query, which could return a false result
- Add a visible warning in the scan header when scanning by IP
  address, noting that trust/CAA and other domain-specific checks
  may be unreliable and the user should rescan with the hostname
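The two fixes described above, as an added shell example that is not testssl.sh's own code: an IP-literal check that short-circuits the CAA lookup, and a label walk that only ever queries fully-qualified names so the resolver's search list cannot be appended. Function names, the five-space indentation and the default dig invocation are assumptions; CAA_LOOKUP is a hypothetical hook for exercising the walk offline.

```shell
#!/bin/sh
# Added example, not testssl.sh code: the two fixes the PR describes, as
# standalone POSIX shell. Function names and the dig invocation are assumptions.

# Return 0 when $1 is an (unbracketed) IPv4 or IPv6 literal, 1 otherwise.
is_ip_literal() {
     case $1 in
          *[!0-9.]*)                                # not only digits/dots: IPv6?
               case $1 in *[!0-9A-Fa-f:.]*) return 1 ;; *:*) return 0 ;; esac
               return 1 ;;
          *.*.*.*)                                  # dotted quad: check octets
               old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
               [ $# -eq 4 ] || return 1
               for o in "$@"; do [ -n "$o" ] && [ "$o" -le 255 ] || return 1; done
               return 0 ;;
     esac
     return 1
}

# Print the names the CAA walk queries, one per line, each an FQDN with a
# trailing dot so the resolver's search list is never appended; stops at the TLD.
caa_walk_names() {
     caa_node="${1%.}."                            # exactly one trailing dot
     while :; do
          case $caa_node in
               *.*.*) printf '%s\n' "$caa_node"; caa_node=${caa_node#*.} ;;
               *) break ;;
          esac
     done
}

# CAA check for node $1. CAA_LOOKUP overrides the lookup command (default:
# dig +short -t CAA, assumed installed) so the walk can be tested offline.
caa_check() {
     if is_ip_literal "$1"; then
          echo "CAA record: not checked (IP address scan)"
          return 0
     fi
     for name in $(caa_walk_names "$1"); do
          records=$(${CAA_LOOKUP:-dig +short -t CAA} "$name" 2>/dev/null || true)
          if [ -n "$records" ]; then
               echo "CAA record ($name): $records"
               return 0
          fi
     done
     echo "CAA record: not offered"
     return 1
}
```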
