
Generate DRAKVUF analysis report #940

Open: wants to merge 11 commits into master

Conversation

yelhamer (Contributor)

This PR adds a post-processing plugin for generating JSON analysis reports. The format of the JSON report is the one agreed upon previously with the mentor (see the attached example: report.json).

This PR should be merged after the TTPs PR (#919) gets merged first.

Note: This PR is the same as #927. I have closed the other one since rebasing it to master after all the changes was more complicated than creating a new PR.

@yelhamer yelhamer requested a review from psrok1 September 1, 2024 04:32
psrok1 (Member) commented Sep 2, 2024

I see a serious issue with the current implementation:

ERROR:drakrun.postprocess:build_report failed with uncaught exception
Traceback (most recent call last):
  File "/opt/venv/lib/python3.9/site-packages/drakrun/postprocess.py", line 38, in postprocess_analysis
    plugin_metadata = plugin.function(analysis_dir)
  File "/opt/venv/lib/python3.9/site-packages/drakrun/lib/postprocessing/generate_report.py", line 169, in build_report
    "processes": get_processes(analysis_dir),
  File "/opt/venv/lib/python3.9/site-packages/drakrun/lib/postprocessing/generate_report.py", line 155, in get_processes
    parse_apimon(processes, analysis_dir / "apimon.log")
  File "/opt/venv/lib/python3.9/site-packages/drakrun/lib/postprocessing/generate_report.py", line 60, in parse_apimon
    processes[pkey]["api_calls"].append(parse_apicall(call))
KeyError: '4936_3120'

I made this process by running and elevating regedit.exe.

<PID>_<PPID> is not a good choice as a unique process identifier, because you can have two different PPIDs in the logs in the case of UAC elevation or PPID spoofing (https://www.ired.team/offensive-security/defense-evasion/parent-process-id-ppid-spoofing).

That's why real software that tracks the process lifecycle (like Process Monitor from Sysinternals) uses an internal sequential identifier to identify a process. I guess we need to adapt build_process_tree.py first (because "Process is uniquely identified by pid + ts_from + ts_to, as there can be only one process with selected pid value at a time." is also a lie).
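The comment above makes two points: a process can show up with different parents in different logs, and a PID is reused once its process exits, so neither PID nor PID+PPID identifies a process for the whole analysis. The example below is added here to illustrate both; it is not drakrun's or DRAKVUF's code. It models the parent mismatch as a "creator PID" recorded when the process is created versus the PPID the process itself reports later (an assumption about how the two logs disagree), and the log layouts, PIDs, image names and API names are all constructed to reproduce the `'4936_3120'` key miss from the traceback. The `ProcessTracker` assigns a sequential id per process lifetime and resolves events by (pid, timestamp) only, which also keeps the reused PID 4936 apart.

```python
# Added example, not drakrun's code: attribute per-process events with a
# sequential id per process lifetime instead of a <PID>_<PPID> key.
from dataclasses import dataclass, field


@dataclass
class ProcessRecord:
    seqid: int            # sequential id: the stable key for the report
    pid: int
    creator_pid: int      # creating process seen by the lifecycle monitor
    name: str
    ts_from: float
    ts_to: float = None   # None while still running
    reported_ppids: set = field(default_factory=set)   # what the process itself claims
    api_calls: list = field(default_factory=list)


# Constructed lifecycle log, simplified layout (not DRAKVUF's real schema):
# (timestamp, event, pid, creator pid, image name)
LIFECYCLE_LOG = [
    (10.0, "CREATE", 3120, 1000, "explorer.exe"),
    (12.0, "CREATE", 912, 600, "svchost.exe"),    # hosts the AppInfo (UAC) service
    (15.0, "CREATE", 4936, 912, "regedit.exe"),   # elevated regedit, created by AppInfo
    (30.0, "EXIT", 4936, None, None),
    (40.0, "CREATE", 4936, 2200, "notepad.exe"),  # PID 4936 reused; constructed parent 2200
]
# Constructed API log: (timestamp, pid, ppid as reported by the process, method)
API_LOG = [
    (15.5, 4936, 3120, "RegOpenKeyExW"),   # reports PPID 3120, not creator 912
    (16.0, 4936, 3120, "RegSetValueExW"),
    (41.0, 4936, 2200, "CreateFileW"),     # same pid, a different process lifetime
]


def naive_attribution(lifecycle_log, api_log):
    """The <PID>_<PPID> keying from the traceback: returns the first key that
    cannot be resolved (where the plugin raised KeyError), or None on success."""
    processes = {}
    for _ts, event, pid, creator, name in lifecycle_log:
        if event == "CREATE":
            processes[f"{pid}_{creator}"] = {"name": name, "api_calls": []}
    for _ts, pid, ppid, method in api_log:
        key = f"{pid}_{ppid}"
        if key not in processes:
            return key
        processes[key]["api_calls"].append(method)
    return None


class ProcessTracker:
    """One record per process lifetime; events resolve by (pid, timestamp) only."""

    def __init__(self):
        self.records = []

    def ingest_lifecycle(self, lifecycle_log):
        for ts, event, pid, creator, name in sorted(lifecycle_log, key=lambda e: e[0]):
            live = next((r for r in self.records if r.pid == pid and r.ts_to is None), None)
            if event == "CREATE":
                if live is not None:          # missed EXIT: close the old lifetime first
                    live.ts_to = ts
                self.records.append(ProcessRecord(len(self.records) + 1, pid, creator, name, ts))
            elif event == "EXIT" and live is not None:
                live.ts_to = ts

    def resolve(self, pid, ts):
        """The lifetime of pid that was running at ts, or None (e.g. between exit and reuse)."""
        for r in self.records:
            if r.pid == pid and r.ts_from <= ts and (r.ts_to is None or ts < r.ts_to):
                return r
        return None

    def attribute(self, api_log):
        """Attach API calls to lifetimes; returns the events that matched none."""
        unresolved = []
        for ts, pid, ppid, method in api_log:
            r = self.resolve(pid, ts)
            if r is None:
                unresolved.append((ts, pid, method))
            else:
                r.reported_ppids.add(ppid)
                r.api_calls.append(method)
        return unresolved

    def reparenting_findings(self):
        """(seqid, creator pid, reported ppid) where the two disagree: the UAC /
        PPID-spoofing case becomes a report finding instead of a crash."""
        return [(r.seqid, r.creator_pid, p) for r in self.records
                for p in sorted(r.reported_ppids) if p != r.creator_pid]


def build_report(lifecycle_log=LIFECYCLE_LOG, api_log=API_LOG):
    tracker = ProcessTracker()
    tracker.ingest_lifecycle(lifecycle_log)
    unresolved = tracker.attribute(api_log)
    return {"processes": [vars(r) for r in tracker.records],
            "unresolved": unresolved,
            "reparenting": tracker.reparenting_findings()}


if __name__ == "__main__":
    print("naive key miss:", naive_attribution(LIFECYCLE_LOG, API_LOG))
    print(build_report()["reparenting"])
```

On the constructed input, `naive_attribution` stops at `4936_3120`, the same key shape as in the traceback, while `build_report` attributes the registry calls to the regedit lifetime (seqid 3), the later `CreateFileW` to the notepad lifetime (seqid 4) that reused the PID, and records the creator/reported-parent disagreement under `reparenting`, which is the kind of finding a sandbox report should carry rather than treat as an error.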

3 participants