Binary detection workflow enhancements #2910

Open
kzantow opened this issue May 28, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@kzantow
Contributor

kzantow commented May 28, 2024

What would you like to be added:
This is a brain-dump of some ideas to improve the process of adding and editing binary classifiers; it needs a lot of refinement.

It would be great if the binary cataloger utilities provided the following workflow by way of running a single command that provides a loop of the following actions:

  • add or edit named cataloger definition
  • add multiple container tags
  • set file glob expression
  • set regex
  • test regex and glob against all containers
  • write the binary classifier definition

Ancillary to this, each classifier should be specified in a separate YAML file (or golang), for example:

syft/pkg/cataloger/binary/classifiers/mongodb-binary.yaml
syft/pkg/cataloger/binary/classifiers/fluent-bit-binary.yaml

Or some other similarly defined set of configuration files which are independent of each other. Each configuration file can also directly contain the test images/etc. that are currently in a single test-fixtures/config.yaml.

Why is this needed:
While the testing utilities today are very useful, there were some rough edges that could be made to work more smoothly.

Additional context:
A hypothetical workflow example:

$ go run ./cmd/binary-matcher fluent-bit-binary <-- required name will load existing
commands are:
  glob <glob>        -- sets the file glob to find files, runs this on every image and provided binary
  image <tag>        -- adds an image with the given tag, automatically capturing the appropriate sha
  binary <file>      -- adds a local file without an image, maybe a URL, archive, etc.
  ls <image>         -- lists the entire file tree of all images
  write              -- writes the configuration file
  expression <expr>  -- sets the matching expression and runs it against all configured images
  test [<image>]     -- tests the current glob and expression against all images or a specific image
  identify <stuff>   -- sets the package name, PURL(s), CPE expression(s), etc.

> image fluent/fluent-bit:3.0.2-amd64
  downloaded fluent/fluent-bit:3.0.2-amd64@sha256:7e6fe8efd51dda0739e355f58bf5e3b1623cbf2d4a23c06c7a365d9553e2d242
  
  no glob expression provided

> ls fluent/fluent-bit:3.0.2-amd64
  fluent/fluent-bit:3.0.2-amd64@sha256:7e6fe8efd51dda0739e355f58bf5e3b1623cbf2d4a23c06c7a365d9553e2d242:
    -rwxr-xr-x   1 root  root   7.7K May 21 13:49 /fluent-bit
    -rwxr-xr-x   1 root  root   7.7K May 21 13:49 /fluent-bit/bin
    -rwxr-xr-x   1 root  root   7.7K May 21 13:49 /fluent-bit/bin/fluent-bit *
    -rw-r--r--   1 root  root   7.7K May 21 13:49 /fluent-bit/config
  ...

> glob **/fluent-bit
found:
  fluent/fluent-bit:3.0.2-amd64@sha256:7e6fe8efd51dda0739e355f58bf5e3b1623cbf2d4a23c06c7a365d9553e2d242
    /fluent-bit/bin/fluent-bit

> expression 3.0.2

> test fluent/fluent-bit:3.0.2-amd64
  fluent/fluent-bit:3.0.2-amd64@sha256:7e6fe8efd51dda0739e355f58bf5e3b1623cbf2d4a23c06c7a365d9553e2d242
    /fluent-bit/bin/fluent-bit
Multiple string matches found in the binary:

1) 3.0.2
2) 3.0.2
3) CONNECT {"verbose":false,"pedantic":false,"ssl_required":false,"name":"fluent-bit","lang":"c","version":"3.0.2"}

Please select a match: 1

006804fc: 2525 2e25 6973 0a00 252a 733e 2074 7970  %%.%is..%*s> typ
0068050c: 653a 2000 332e 302e 3200 2573 466c 7565  e: .3.0.2.%sFlue
0068051c: 6e74 2042 6974 2076 2573 2573 0a00 2a20  nt Bit v%s%s..* 
0068052c: 6874 7470 733a 2f2f 666c 7565 6e74 6269  https://fluentbi
0068053c: 742e 696f 0a0a 0069 6e76 616c 6964 2063  t.io...invalid c
0068054c: 7573 746f 6d20 706c 7567 696e 2027 2573  ustom plugin '%s
0068055c: 2700 696e 7661 6c69 6420 696e 7075 7420  '.invalid input 
0068056c: 706c 7567 696e 2027                      plugin '

> expression \x00(?P<version>[0-9]+\.[0-9]+\.[0-9]+)\x00%sFluent

> test
...

> image fluent/fluent-bit:2.2.1-arm64
...

> test
...

> expression \x00(?P<version>[0-9]+\.[0-9]+\.[0-9]+)\x00[^\d]*Fluent

> test
...

> write

... or something like that.
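The two steps the hypothetical session walks through (a plain substring search that returns several candidate offsets, then a regex with a `(?P<version>...)` group anchored on the bytes around the chosen one) can be reproduced in Go. This is an added example, not syft's code: the 3.0.2 sample bytes decode from the hex dump above plus the CONNECT string listed as match 3, while the second sample is a constructed, hypothetical layout meant only to show why the `%s` literal in the first expression was relaxed to `[^\d]*`.

```go
package main

import (
	"fmt"
	"regexp"
)

// Constructed sample: the bytes the issue's hex dump decodes to, followed by the
// CONNECT string that produced the third literal match in the session.
var fluentBit302 = []byte("%%.%is\n\x00%*s> type: \x003.0.2\x00%sFluent Bit v%s%s\n\x00* https://fluentbit.io\n\n\x00" +
	"CONNECT {\"name\":\"fluent-bit\",\"lang\":\"c\",\"version\":\"3.0.2\"}\x00")

// Constructed, hypothetical layout for another build: no "%s" between the version
// and "Fluent". Not taken from a real fluent-bit binary.
var fluentBitOther = []byte("\x00version\x00\x002.2.1\x00 Fluent Bit v%s\n\x00")

// The two expressions tried in the session, verbatim.
const strictExpr = `\x00(?P<version>[0-9]+\.[0-9]+\.[0-9]+)\x00%sFluent`
const relaxedExpr = `\x00(?P<version>[0-9]+\.[0-9]+\.[0-9]+)\x00[^\d]*Fluent`

// literalOffsets mirrors the "Multiple string matches found" step: every offset
// at which the plain literal occurs, so the user can pick one to anchor on.
func literalOffsets(data []byte, literal string) []int {
	re := regexp.MustCompile(regexp.QuoteMeta(literal))
	var offs []int
	for _, m := range re.FindAllIndex(data, -1) {
		offs = append(offs, m[0])
	}
	return offs
}

// extractVersion applies a classifier expression and returns what its
// "version" group captured, or "" when the expression does not match.
func extractVersion(expr string, data []byte) string {
	re := regexp.MustCompile(expr)
	idx := re.SubexpIndex("version")
	m := re.FindSubmatch(data)
	if idx < 0 || m == nil {
		return ""
	}
	return string(m[idx])
}

func main() {
	fmt.Println("literal 3.0.2 at offsets:", literalOffsets(fluentBit302, "3.0.2"))
	for _, expr := range []string{strictExpr, relaxedExpr} {
		fmt.Printf("%s\n  3.0.2 sample -> %q\n  other sample -> %q\n", expr,
			extractVersion(expr, fluentBit302), extractVersion(expr, fluentBitOther))
	}
}
```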

@kzantow kzantow added the enhancement New feature or request label May 28, 2024