Add DLL hijacking detection

[sobregosodd]

Adds new rule that detects when is attempted to load arbitrary DLL or Shared Object to gain execution. The goal is to detect the most common patterns for DLL hijacking, among:

• DLL side-loading: an object is being fed to a non malicious application
• DLL injection: Append arbitrary code into a running process
• Phantom DLL: Plant a shared object or DLL into the system which is then loaded by a trusted executable

See here for more information on techniques

A false positive analysis scan was performed with the following results:

• A test was ran against the top 500 npm packages, which produced 0 FP
• A test was ran against the top 500 pypi packages, which produced 0 FP
• A test was ran against the most interesting npm packages released last week (~200), which produced 0 FP
• A test was ran against the most interesting pypi packages released last week (~275), which produced 0 FP