feat(scoop-virustotal): Migrate to VirusTotal API v3

[ClassicDarkChocolate]

…and use standard psstreams

Description

• The command now outputs VirusTotal report as a PowerShell object to Success stream and other contents to Information/Warning stream.
• Migrated to VirusTotal API v3. The command now requires a VirusTotal API key to use.
• The new search flow:
  1. Search for file report by file hash.
     • If it fails, go to step 2.
     • If file report is found, shows it. Go to step 4.
  2. Search for url report by file url.
     • If no url report is found, go to step 3.
     • If url report is found, and the report shows the file hash. Search for file report and shows it. Go to step 4.
     • If url report is found, and the report does not have file hash. Tell user to manually upload file. Go to step 4.
  3. If --scan is specified, submit url to VirusTotal.
  4. End.
• Remove Submit-RedirectedUrl because VirusTotal automatically finds the final url.

Motivation and Context

Closes #4965

How Has This Been Tested?

Scans hundreds of apps.

Checklist:

• I have read the Contributing Guide.
• I have ensured that I am targeting the develop branch.
• I have updated the documentation accordingly.
• I have updated the tests accordingly.
• I have added an entry in the CHANGELOG.

[ClassicDarkChocolate]

The code is already working. Any suggestions?

[niheaven]

Thanks for your work!

Since you've nearly rewrote the whole file, reviewing may take more time, sorry~

Some suggestions, could you turn back to warn, info and error when writing meaningful console output? These functions are Scoop's inner functions and are used for a consistent UX.

[niheaven]

Is there some method that VT could be used without API Key?

And could you add a hint that could guide users to sign in VT and get the API Key?

[ClassicDarkChocolate]

Is there some method that VT could be used without API Key?

The old api used by scoop is blocked:
GET https://www.virustotal.com/ui/files/af17a2803c5c6406b9b60dfef2d34f72f218975f9d78df21005a44f6e2f0caf9

{
  "error": {
    "message": "Please re-send request with a valid reCAPTCHA response in the \"x-recaptcha-response\" header",
    "code": "RecaptchaRequiredError"
  }
}

And could you add a hint that could guide users to sign in VT and get the API Key?

Users only have to register an account. No other actions needed.

[ClassicDarkChocolate]

The above commit is mainly to fix these issues.

• When hash of file is incorrect, tell user hash is not matched. Only manifest with sha256 hash can be checked.
  • Can be tested now with scoop download rustdesk; scoop virustotal -sp rustdesk
• Rarely when file is downloaded by virustotal and hash is returned in url report, but file is still not being scanned somehow.
  • Can be tested with scoop virustotal -sp telnet

I think I won't do another commit after this one. Unless there are bugs or suggestions.

[niheaven]

Fix help message and add API Key hint

Please add a changelog entry.