PaloAltoNetworks / minemeld-misp

MineMeld nodes for MISP
Apache License 2.0

Added processing for filename|<hash> indicators #1

Closed scoggins closed 7 years ago

scoggins commented 7 years ago

I've added code to also handle filename and filename| types. I moved the population of iv[] up so I could copy it when I end up with a second indicator for the same event.

jtschichold commented 7 years ago

Thanks for the PR! Comments:

scoggins commented 7 years ago
  • I see you are matching on "filename|", are the MISP attributes of type filename always composite?

The type can be "filename" or "filename|<hash>" (see MISP Categories/Types). I've added filename to _MISP_TO_MINEMELD, so if it's just "filename" it will get caught by the final else; if it's "filename|<hash>" it checks to see if minemeld knows about the hash type, and if so it creates an indicator for it.

  • I think there is a problem at line 252, you always set the type of the second indicator to sha256. It should be set to itype2, right?

You are correct! Good eye, I was originally just doing it for sha256 but realised it was easy enough to have it support all minemeld-supported hash types. This has been fixed.

  • Please, could you add your name to the AUTHORS file?

Done!

  • Could you also confirm that you accept the Apache 2 license?

I confirm that I accept the apache 2 license.
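The splitting logic discussed in this PR (a composite "filename|<hash>" MISP attribute becoming two MineMeld indicators, the second typed from the hash part rather than hard-coded to sha256), as an added illustration that is not the minemeld-misp code itself. The `_MISP_TO_MINEMELD` subset, the `file.name` MineMeld type and the sample attribute are assumptions constructed for the example.

```python
from typing import Dict, List

# Assumed subset of the project's MISP type -> MineMeld type mapping.
# 'filename' is the entry the PR adds; 'file.name' is an assumed target type.
_MISP_TO_MINEMELD: Dict[str, str] = {
    'md5': 'md5',
    'sha1': 'sha1',
    'sha256': 'sha256',
    'filename': 'file.name',
}


def split_indicators(attribute: dict) -> List[dict]:
    """Return one MineMeld indicator per component of a MISP attribute.

    Plain types map directly. Composite types ("filename|sha256") carry a
    "<name>|<hash>" value; each half gets its own indicator, and each half
    is emitted only if MineMeld knows its type. The shared metadata dict
    `iv` is built first so it can be copied into every indicator.
    """
    atype, value = attribute['type'], attribute['value']
    iv = {'misp_event_id': attribute.get('event_id'),
          'comment': attribute.get('comment', '')}

    if '|' not in atype:                       # the "final else" case
        itype = _MISP_TO_MINEMELD.get(atype)
        return [dict(iv, indicator=value, type=itype)] if itype else []

    mtype1, mtype2 = atype.split('|', 1)
    if '|' not in value:                       # malformed composite value
        return []
    value1, value2 = value.split('|', 1)

    out = []
    for mtype, val in ((mtype1, value1), (mtype2, value2)):
        itype = _MISP_TO_MINEMELD.get(mtype)   # itype2 comes from the hash part
        if itype is not None:
            out.append(dict(iv, indicator=val, type=itype))
    return out


# Constructed sample attribute, not data from the project.
SAMPLE = {'event_id': '42', 'type': 'filename|md5',
          'value': 'dropper.exe|d41d8cd98f00b204e9800998ecf8427e'}

if __name__ == '__main__':
    for ind in split_indicators(SAMPLE):
        print(ind)
```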