Description
Is your feature request related to a problem? Please describe.
With the sparse availability of IPv4, shared IPs and SNI are a must-have, which is included in sslyze.
In the wild, some servers also send a different certificate for SNI-less requests, which acts as a default.
Some old clients (w/o SNI support) therefore might receive this other certificate.
Describe the solution you'd like
This scan could be included in the scan, to discover a broader range of leaf certificates that are served by/for the given host.
Describe alternatives you've considered
I can also just resolve the IP of the host and start a scan with the SNI set to the IP instead of the host name, which often coincides with the "default cert" - but does not really have to, as I understand.
Additional context
The functionality is mostly implemented already.
#202
Further changes/complexity will be brought to SNI anyways.
#452
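The comparison this request describes, as an added example using only Python's standard `ssl` module (not sslyze code and not part of the original issue): it fetches the leaf certificate once with SNI and once without, then groups the results by SHA-256 fingerprint. The function names and the command-line usage are assumptions made for this sketch.

```python
import hashlib
import socket
import ssl
import sys


def fetch_leaf_der(host, port=443, sni=None, timeout=5.0):
    """Return the DER leaf certificate served for a handshake with this SNI.

    sni=None sends no server_name extension at all, like an old client.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Validation is off on purpose: a default certificate often does not
    # match the host name, and the goal is to record it, not to trust it.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return tls.getpeercert(binary_form=True)


def group_by_fingerprint(leaves):
    """Map SHA-256 fingerprint -> sorted SNI labels that received that leaf.

    `leaves` maps an SNI value (None meaning "no SNI") to DER bytes.
    """
    groups = {}
    for sni, der in leaves.items():
        fp = hashlib.sha256(der).hexdigest()
        groups.setdefault(fp, []).append("<no SNI>" if sni is None else sni)
    return {fp: sorted(labels) for fp, labels in groups.items()}


def has_distinct_default(leaves):
    """True if the SNI-less handshake got a leaf that no SNI handshake got."""
    named = [der for sni, der in leaves.items() if sni is not None]
    return None in leaves and bool(named) and leaves[None] not in named


if __name__ == "__main__":
    host = sys.argv[1]  # a host name you are authorised to scan
    leaves = {sni: fetch_leaf_der(host, 443, sni) for sni in (host, None)}
    for fp, labels in group_by_fingerprint(leaves).items():
        print(fp, labels)
    print("distinct default certificate:", has_distinct_default(leaves))
```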