Implement PowerQuery support for SentinelOne

[jholtmann]

This PR implements PowerQuery support for the SentinelOne product.

Benefits of PowerQuery (PQ) over Deep Visibility (DV):

• Lack of a 1req/min rate limit allows product to perform a separate query per search criteria, resulting in more useful output
• Ability to perform a query per search criteria helps reduce the impact of the 20k search result limit

Discussion Points:

• Which mode should be the default, PQ or DV? PQ provides faster and more accurate search results, but I am not sure if it is available across all S1 consoles. This PR currently sets PQ as the default and allows falling back to DV with the --dv product flag.
• PQ does not respect Site ID filters unless the parent Account ID is also included in the query. This means that if the user provides both an Account ID and a nested Site ID, we cannot assume that only the Account ID should be queried (as we currently do in DV mode). This PR automatically adds the Account ID when only a Site ID is provided by the user. This logic difference between DV and PQ may be confusing to users.
• Having both PQ and DV implementations makes the code somewhat harder to understand due to frequent branching logic. If we determine that PowerQuery can be assumed to be globally available, we may want to consider removing DV support in the future.

Testing:

• I have tested PQ and DV searches with various definition files and haven't noticed any issues.

[xC0uNt3r7hr34t]

PowerQuery is still in Beta. I would recommend that DV be set to default until PowerQuery is released to GA and more stable. I agree with all the other benefits. If we want to keep PowerQuery as the default for the future to limit code changes, then we need to make it very obvious in documentation and help guide that PowerQuery is default.

[rc-csmith]

Because of the benefits of using PQ (more accurate results and faster runtime), I think we should go ahead and keep it as defaul. But, as @xC0uNt3r7hr34t said, we'll need to make sure documentation and release notes are in place when the changes go live so users are aware.