Add Ability to Capture Detection State in AnalysisType

[ikiril01]

Currently, there's no explicit way to capture the detection state (i.e. if something was explicitly reported/analyzed as malicious) in the AnalysisType. We should consider adding a structure for doing so.

[ikiril01]

I'm wondering if this should be a simple Boolean field, or a more complex one that includes some measure of confidence and assertions as to WHY it was marked as malicious (or not)?

[ikiril01]

Perhaps this only makes sense to do for AV Classifications, as in #109?

[ikiril01]

Another consideration: given that characterizing something as a Malware Subject already implies that it's malware, does it even make sense to add such a property?

[ikiril01]

Perhaps instead of a Boolean it would be better to capture the relative confidence of whether something is malicious or not.

[ikiril01]

We could also capture the relative nature of the findings of the analysis - e.g., if something was truly found to be malicious, or is merely suspicious.

E.g.,

<Analysis type="dynamic" finding="malicious">
  ...
</Analysis>