yara-generator: add validator, bump version & rules

[Neo23x0]

Add a new validate-malicious-rules.py tool to run YARA scans against repo samples and produce JSON/text summaries; expand bin/yara-generator/README.md with pyenv/venv setup, usage, defaults, troubleshooting and validation guidance.

Update yara-generator.py: bump version to 0.5.0, introduce SCRIPT_DIR/DEFAULT_* paths, add -f log-file support, harden YAML parsing and logging, fix filename/tag handling, adjust filename-matching expression, and other small cleanups. Regenerate/modify several YARA rule files (meta, hashes, names, dates, string content and filesize thresholds) to reflect updated rule output.

[josehelps]

Nice work @Neo23x0 thank you!

A few things before merge:

1. README has hardcoded paths — /Users/neo/code/Workspace/LOLDrivers appears in several code blocks. Swap for a generic placeholder or relative paths.
2. args.json shadows the json module — minor, but --json-output / dest="json_output" would be cleaner.

I was thinking of making validate-malicious-rules.py a CI job.
Here are some thoughts around that

The script is already set up for it (--json, --skip-generate). Main blockers: runners need yara installed, and the script always exits 0 even when there are unexplained missing samples. I'd add a non-zero exit for missing_reasons["unknown"] > 0, gate it on changes to bin/yara-generator/, yaml/, or detections/yara/, and start as a non-blocking check.

what do you think, worth it? Might help keep a regression prevention system for the generated yara rules.