Support sigma tags field #62

Open
YamatoSecurity opened this issue Apr 23, 2025 · 0 comments

Comments

@YamatoSecurity
Contributor

The tags field in sigma rules is a list, so it cannot currently be output.
It would be great if Suzaku could automatically detect if the field value is a list and, if so, concatenate the values together with a separator; but if it is hard to detect automatically, then manually support certain field names like tags.

  • Multiple tags should be joined together with ¦ like Hayabusa does.
  • The following abbreviations should be done:
  1. attack.reconnaissance -> Recon
  2. attack.resource-development -> ResDev
  3. attack.initial-access -> InitAccess
  4. attack.execution -> Exec
  5. attack.persistence -> Persis
  6. attack.privilege-escalation -> PrivEsc
  7. attack.defense-evasion -> Evas
  8. attack.credential-access -> CredAccess
  9. attack.discovery -> Disc
  10. attack.lateral-movement -> LatMov
  11. attack.collection -> Collect
  12. attack.command_and_control -> C2
  13. attack.exfiltration -> Exfil
  14. attack.impact -> Impact
  • attack.t should be converted to just T so that attack.t1562.001 converts to T1562.001
  • attack.g should be converted to just G so that attack.g0035 converts to G0035

Example:

```yaml
tags:
    - attack.g0035
    - attack.credential_access
    - attack.discovery
    - attack.t1110
    - attack.t1087
```
will convert to G0035 ¦ CredAccess ¦ Disc ¦ T1110 ¦ T1087

For JSON output as well, instead of creating an array, let's keep it a flat JSON file for now with the same string as for CSV output.
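A reference implementation of the mapping requested above, as an added example (not Suzaku's own code), written in Rust because Suzaku is a Rust project. It assumes that both the "-" and "_" spellings of a tactic map to the same abbreviation (the issue's own example mixes `credential-access` and `credential_access`) and that tags with no rule are passed through unchanged.

```rust
// Added example, not Suzaku's code. Abbreviates Sigma `tags` entries as the
// issue requests and joins them with " ¦ ". Assumptions: "-" and "_" in a
// tactic name are equivalent; tags with no matching rule pass through as-is.

/// Abbreviate a single Sigma tag. Returns the original tag if no rule applies.
pub fn abbreviate_tag(tag: &str) -> String {
    let rest = match tag.strip_prefix("attack.") {
        Some(r) => r,
        None => return tag.to_string(), // not an ATT&CK tag, e.g. "detection.*"
    };
    // Normalise "_" to "-" so both spellings of a tactic hit the same arm.
    let tactic = rest.replace('_', "-");
    let abbrev = match tactic.as_str() {
        "reconnaissance" => "Recon",
        "resource-development" => "ResDev",
        "initial-access" => "InitAccess",
        "execution" => "Exec",
        "persistence" => "Persis",
        "privilege-escalation" => "PrivEsc",
        "defense-evasion" => "Evas",
        "credential-access" => "CredAccess",
        "discovery" => "Disc",
        "lateral-movement" => "LatMov",
        "collection" => "Collect",
        "command-and-control" => "C2",
        "exfiltration" => "Exfil",
        "impact" => "Impact",
        _ => "",
    };
    if !abbrev.is_empty() {
        return abbrev.to_string();
    }
    // Technique ids (attack.t1562.001 -> T1562.001) and group ids
    // (attack.g0035 -> G0035): uppercase the letter only when digits follow it.
    let mut chars = rest.chars();
    match (chars.next(), chars.next()) {
        (Some(c @ ('t' | 'g')), Some(d)) if d.is_ascii_digit() => {
            format!("{}{}", c.to_ascii_uppercase(), &rest[1..])
        }
        _ => tag.to_string(),
    }
}

/// Join a Sigma `tags` list into the single flat string used for CSV/JSON output.
pub fn format_sigma_tags(tags: &[&str]) -> String {
    tags.iter().map(|t| abbreviate_tag(t)).collect::<Vec<_>>().join(" ¦ ")
}
```

Running `format_sigma_tags` on the five tags from the example above yields `G0035 ¦ CredAccess ¦ Disc ¦ T1110 ¦ T1087`.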

Development

No branches or pull requests

1 participant