WIP Draft: Shimcache execution timeline feature with Amcache enrichment

[Markus98]

Quite a lot of new stuff compared to last time. Implemented the initial timelining feature for windows 10 versions of shimcache and amcache. This code is not ready for a real PR, but it would be valuable to get some feedback at this point.

Some things that would be good to get input on:

• Should I split the source files that I have been working on further? For example the file/hve.rs file might get quite bloated if parsing for all of the different shimcache and amcache versions are put there.
• They way I am handling outputting to csv at the moment is probably not perfectly in line with the rest of the program, so any pointers on how that should be done in a proper way
• Any generic pointers regarding Rust common practices that I might be breaking
• Are the params for the timeline command appropriate and in line with the rest of the program?
• If there are any issues with naming, clarity, or code comments
• Does the error handling look good enough or should it be more precise?

Stuff I will clean up anyways:

• Will most likely remove unit tests unless I write proper ones
• Any rogue comments or println!s that I have not removed yet

[Markus98]

Some more small changes:

Changes since review 1

• Changed "timeline" command to "analyse shimcache"
  • Moved timeline.rs to analyse/shimcache.rs
• Moved csv ouput function to cli
  • Use prettytable library instead

[alexkornitzer]

Closing this out as we will cover in a new PR.