vmray: loosen file checks to enable processing of additional file types

[mike-hunhoff]

closes #2403

This PR addresses two issues:

1. Loosen file checks to enable processing of additional file types, e.g. PS1 and MSI. We handle this by largely ignoring file and global feature extraction because we care most about the dynamic trace analysis anyways. This accepts that capa's results may be incomplete but still useful.
2. Handle VMRay analysis archives that may have more than one file marked as the submission, e.g. compound ZIP files. Unfortunately, I have not identified a sure way of differentiating which of the files is the actual submission. Instead, we rely on the ordering of the files and use the last file marked as the submission file. This appears to hold true for compound ZIP files.

[github-actions]

Please add bug fixes, new features, breaking changes and anything else you think is worthwhile mentioning to the master (unreleased) section of CHANGELOG.md. If no CHANGELOG update is needed add the following to the PR description: [x] No CHANGELOG update needed

CHANGELOG updated or no update needed, thanks! 😄

[williballenthin]

i think we should add a test case for this setup, because we don't want future code to accidentally start relying on things that might not be present. is this reasonably possible @mike-hunhoff ?

[mike-hunhoff]

i think we should add a test case for this setup, because we don't want future code to accidentally start relying on things that might not be present. is this reasonably possible @mike-hunhoff ?

I've added a test in 438d911 for a minimized PowerShell script trace. Because this is PowerShell trace there is no static data so any future code that assumes static data is present should cause this test to fail.

[williballenthin]

send it!