Refactor how we handle third_party rules

[tstromberg]

• Move 'rules/third_party' to 'third_party'. This felt too hidden before, and I want to make sure we are fully transparent about bundled code.
• Make our approach to updating and pinning third_party rules more uniform and migrate the complexity into a shell script.
• Rename pkg/rules to pkg/compile to avoid having two rules packages in our code base.
• Shorten the long descriptions from https://github.com/mthcht/ThreatHunting-Keywords
• Update to the latest 3rd party rules to demonstrate that the scripts work.