Display analysis information

[s-ff]

Closes #857.

This commit introduces two new metadata fields to result_document. Would this be considered a breaking change?

This would require regenrating the rdoc test files. see https://github.com/mandiant/capa-testfiles/pull/239.

Checklist

• [ ] No CHANGELOG update needed
• [ ] No new tests needed
• [ ] No documentation update needed

[mr-tz]

I think this requires regenerating the files in tests/data/rd/

[s-ff]

Should be good to go once https://github.com/mandiant/capa-testfiles/pull/239 is merged.

[mr-tz]

Stepping back here for a moment, let's consider if we want to implement this differently:

• add new characteristics: few imports, few detected library functions
• add new limitation rules using these features
• update behavior to handle has_file_limitation or similar

That way we can handle the various limitations/warnings consistently. The core extraction logic still resides in capa but we don't have to extend the meta data.

Related: should we provide functionality to easier leverage this in other tools? Right now other tools need to reimplement the logic we have in capa.main to handle special cases/detections.

[williballenthin]

@mr-tz this would require many fewer breaking changes, which i like