add alternative backend provided by lancelot

[williballenthin]

lancelot is a disassembler and code analysis framework for x86/x64 PE files. this PR adds a backend to capa that's based on lancelot. key reasons to consider merging the PR are performance and py3 support. the major reason not to merge is that lancelot is quite experimental.

i've been slowly working on lancelot for the past few years, and its gone through transformations from Go to Clojure to (now) Rust with Python bindings. it uses Zydis to disassemble bytes to instructions and has routines to extract control flow and call graphs from these instructions. it also contains algorithms that attempt to identify function start addresses, such as through call target analysis, entry points, pattern matching, etc.

file features are provided by pefile as lancelot doesn't attempt to replicate this parsing logic.

it was pretty straightforward to develop this backend. a major lesson i learned is exactly what features an analysis system must provide in order to be integrated with capa. to summarize:

• enumerate functions
• enumerate basic blocks
• enumerate instructions
• extract mnemonics
• extract operand "targets" when referencing memory (e.g. call targets)
• extract operand immediates
• read from loaded PE addresses

overall, it took maybe 16 hours to build out this backend. i think we can take its structure as a template for integrating with other systems, such as miasm or maybe ghidra.

TODO:

• add shellcode workspace support

[williballenthin]

testing updates backported and proposed in #236

[williballenthin]

i've fixed the test handling so that appropriate tests run under py2 and py3:

[williballenthin]

and with that, gh actions now run tests for both py2.7 (vivisect) and py3.8 (lancelot):

[williballenthin]

closing due to lack of attention. can re-open in the future.