Description
This issue proposes a download flag for modules. This allows for easy exclusion of modules producing FILESYSTEM events rather than explicitly specifying modules. Doing a manual blacklist or whitelist may lead to accidental inclusions/exclusions. Some of us just want a lightweight scanner. :)
Moreover, the recent bbot CVEs highlight the dangers of downloading files, with 3 of the 4 vulnerabilities related to the filesystem.
N.B. Modules which both consume and produce FILESYSTEM events (e.g. unarchive) do not have the flag applied. If that is desired, perhaps we can change the flag to filesystem.
At the moment, I haven't modified any of the default presets. But that is something I would like-- i.e. opt-in downloads + auto-analysis rather than opt-out.
I've made PRs to both stable and 3.0. You may do with these as you wish.
Companion PRs:
- feat: introduce new `download` flag to modules #2757
- feat: (3.0) introduce new `download` flag to modules #2758
Let me know if I should close a particular PR or if there are other files I should update. I am unaware whether the docs are auto-generated.