Make 'output may be large' note size-conditional + extend to rar2john / dmg2john / keepass2john (#4051)

[ChrisJr404]

Closes (or substantially closes) #4051.

The `*2john` family of converters embed the encrypted blob from the input archive directly into the JtR hash line written to stdout. For large inputs (encrypted disk images, password-protected RARs, KeePass DBs with big key files) the resulting hash line can run into hundreds of megabytes — which routinely surprises new users into thinking the tool malfunctioned.

@gartikis added an unconditional one-liner to zip2john in #5837 to address that. It helped, but:

1. It fires after each output, so by the time it appears the user has already watched MBs scroll by (and sometimes Ctrl+C'd).
2. It fires for every archive, including tiny ones — `zip2john tiny.zip` would always print "It is normal for some outputs to be very large" even when the output was 200 bytes.
3. The other converters most likely to surprise users (rar2john, dmg2john, keepass2john) didn't get the same hint.

This PR replaces the unconditional zip2john message with a size-conditional version and extends it to the other three converters, sharing one tiny static-inline helper.

What changes

`src/2john_common.h` (new)

Single header, no link-time dep:

```c
LARGE_OUTPUT_THRESHOLD_BYTES 1 MiB, matching the suggestion in #4051
large_output_note(progname) one-shot stderr note ('output may be very
large; redirect into a file with...')
large_output_note_if_input_large(progname, path, threshold)
stat(path); fire note iff size >= threshold;
stat() failures silently ignored — the note
is UX, not correctness
```

`large_output_note` uses a static `announced` flag so feeding many archives in one invocation only prints it once.

`src/zip2john.c`

• Includes `2john_common.h`.
• Calls the helper at the top of each per-archive iteration in `zip2john()`.
• Removes the previous `fprintf(stderr, "Note: It is normal for some outputs to be very large\n");` from `process_one()` (replaced by an inline comment pointing at the new helper) so users scanning many small archives no longer see the note 100x.

`src/rar2john.c` / `src/dmg2john.c` / `src/keepass2john.c`

Same pattern: include the header, call the helper before the per-file processing function.

Live verification

Built with `./configure && make` from `src/`. Only warning is a pre-existing `-Wcpp` one about libbz2 unrelated to this change.

```
$ ./run/zip2john tiny.zip # 207 B input
ver 1.0 efh 5455 efh 7875 tiny.zip/small.txt PKZIP Encr: 2b chk, ...
tiny.zip/small.txt:$pkzip$122017b467677b60430178ab05da8b9...
# NO note — was previously printed unconditionally

$ ./run/zip2john big.zip 2>&1 1>/dev/null # ~2 MiB input
Note: zip2john output can be very large for large inputs (often 2x the
input size or more, since the encrypted blob is hex-encoded into the
hash line). This is normal — redirect the output into a file with
'zip2john > hashes.txt'.

$ ./run/keepass2john big.kdbx 2>&1 | head -5 # ~2 MiB input
Note: keepass2john output can be very large for large inputs (often 2x the
input size or more, since the encrypted blob is hex-encoded into the
hash line). This is normal — redirect the output into a file with
'keepass2john > hashes.txt'.
! big.kdbx : Unknown format: File signature invalid
```

Notes for review

• I picked the four converters that are most likely to embed multi-megabyte encrypted blobs (zip2john, rar2john, dmg2john, keepass2john). If you'd like I can extend the same pattern to others (gpg2john, hccap2john, putty2john, wpapcap2john, etc.) in a follow-up; happy to do whichever subset feels right.
• Threshold defaults to 1 MiB but is a parameter on `large_output_note_if_input_large(...)`, so per-tool tuning is possible without touching the helper.
• No DCO sign-off on the commit yet — happy to add it if needed.