
Tags: osquery/osquery


5.23.0


Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Split yara tables into `yara_process` and `yara_file` (#8835)

This PR splits the yara process scanning into its own table, while still
sharing core code between the two tables. This allows us to define both
`path` and `pid` as required fields in their respective tables.

Resolves: #8816

```sql
osquery> select * from yara_file where (path = 'C:\bin\test.txt' or path LIKE 'C:\bin\%.ps1') and sigrule = 'rule always_true { condition: true }';
+----------------------------------+-------------+-------+-----------+---------+---------+------+
| path                             | matches     | count | sig_group | sigfile | strings | tags |
+----------------------------------+-------------+-------+-----------+---------+---------+------+
| C:\bin\test.txt                  | always_true | 1     |           |         |         |      |
| C:\bin\osquery_build_prereqs.ps1 | always_true | 1     |           |         |         |      |
| C:\bin\set_up_ssh_keys.ps1       | always_true | 1     |           |         |         |      |
+----------------------------------+-------------+-------+-----------+---------+---------+------+
```

```sql
osquery> select y.*, p.name, p.cmdline from yara_process as y JOIN processes as p using(pid) where pid in (select pid from processes where pid > 1000 limit 10) and sigrule = 'rule always_true { condition: true }';
+------+-------------+-------+-----------+---------+---------+------+-----------------+--------------------------------------------------------------------------------------+
| pid  | matches     | count | sig_group | sigfile | strings | tags | name            | cmdline                                                                              |
+------+-------------+-------+-----------+---------+---------+------+-----------------+--------------------------------------------------------------------------------------+
| 1068 | always_true | 1     |           |         |         |      | svchost.exe     | C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p                                     |
| 1100 | always_true | 1     |           |         |         |      | fontdrvhost.exe | "fontdrvhost.exe"                                                                    |
| 1108 | always_true | 1     |           |         |         |      | fontdrvhost.exe | "fontdrvhost.exe"                                                                    |
| 1204 | always_true | 1     |           |         |         |      | svchost.exe     | C:\WINDOWS\system32\svchost.exe -k RPCSS -p                                          |
| 1248 | always_true | 1     |           |         |         |      | svchost.exe     | C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p -s LSM                              |
| 1312 | always_true | 1     |           |         |         |      | dwm.exe         | "dwm.exe"                                                                            |
| 1496 | always_true | 1     |           |         |         |      | svchost.exe     | C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts       |
| 1504 | always_true | 1     |           |         |         |      | svchost.exe     | C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p                          |
| 1544 | always_true | 1     |           |         |         |      | svchost.exe     | C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc |
| 1672 | always_true | 1     |           |         |         |      | svchost.exe     | C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService     |
+------+-------------+-------+-----------+---------+---------+------+-----------------+--------------------------------------------------------------------------------------+
```

---------

Co-authored-by: Zach Wasserman <zach@fleetdm.com>

5.22.1

Verified
Update Apple provisioning profile for new developer certificates (#8780)

Updates the profile to use the certificate with expiration on 2031-02-26

5.22.0

Verified
Update osquery-toolchain to 1.2.0 (LLVM 11.0.0, zlib 1.2.13) (#8773)

- LLVM 9.0.1 -> 11.0.0
- zlib 1.2.11 -> 1.2.13

Builds tested on
- Ubuntu 16.04 (x86_64)
- Ubuntu 18.04 (x86_64, aarch64)
- Ubuntu 20.04 (x86_64, aarch64)
- Ubuntu 22.04 (x86_64, aarch64)
- Ubuntu 24.04 (x86_64, aarch64)
- CentOS 6 (x86_64)
- CentOS 7 (x86_64)
- CentOS 8 (x86_64)
- CentOS Stream 9 (x86_64, aarch64)
- CentOS Stream 10 (aarch64)

5.21.0

Verified
Add support for gzip content-encoding in HTTP client (#8731)

- Toggled via `--tls_accept_gzip`, default off (may switch to default on in future releases)
- Send headers indicating gzip support and decompress gzipped responses
- Clean up existing gzip compression function and add decompression function
- Update tests for roundtrip compression and integration testing gzip with an HTTP server

5.20.0

Verified
Add more informative descriptions for `mounts.blocks_free` and `mounts.blocks_available` (#8701)

5.19.0

Verified
Add table `deb_package_files` (#8657)

This is implemented following the example of `rpm_package_files`. Not all of the columns from that table are available due to what is provided in the package list file.

5.18.1

Revert "Update Windows runner version in hosted_runners.yml (#8618)" (#8633)

5.18.0

Verified
Add recent_files table on Windows (#8603)

Recent files are stored as .lnk shortcuts in a specific directory per user. This table makes that information easier to read than using the file table directly.

5.17.0

Verified
Filter the Win32_Processor query to only required fields (#8598)

Querying Win32_Processor for all fields has a performance penalty of 1.1s per CPU core - this is mostly unnoticeable on small boxes, but on larger boxes can actually have a significant impact on startup performance. Even on an 8 core system, this takes the startup time for osqueryi from 8.5s to 0.2s.

5.16.0

Verified
Fix the `python_paths` table to skip unnecessary code paths when filtering by `directory` (#8544)