Aim for constructive diversity (= grammar coverage) in regular input fuzzing, too

[andreas-zeller]

In interaction fuzzing (fandango talk), we aim for a diversity goal (typically, k-path grammar coverage), and the fuzzer currently runs until this diversity goal is met. The actual goal can be controlled from the API (and at some point, also from the command line); in some next step, such diversity goals could (or should) also include code coverage metrics.

In input fuzzing (fandango fuzz), this feature is not available. The fuzzer does not constructively aim for grammar coverage (it does, though, when evaluating fitness), and it runs until it is interrupted.

These two modes should be harmonized. Notably:

1. Have input fuzzing constructively aim for a grammar coverage goal
2. Have network fuzzing continue even after the grammar coverage goal is met
3. In both modes, have an option --stop-on-coverage or similar that stops when coverage goals are met

[riesentoaster]

I think we should try to refactor the non-IO-mode to essentially be a special case of IO fuzzing with an implicit single party. This would most likely give us this for free.