olevba+mraptor: detect and extract Excel 4 Macros (XLM/XLF)

[decalage2]

similar to oledump's plugin_biff.
Need to support different formats, which store XLM macros in different ways:

• XLS (BIFF)
• XLSM (XML) => moved to olevba: detect and extract Excel 4 Macros (XLM/XLF) in XLSM #415
• XLSB => moved to olevba: detect and extract Excel 4 Macros (XLM/XLF) in XLSB #416
• SLK => moved to olevba: detect and extract Excel 4 Macros (XLM/XLF) in SLK #417

References:

• https://blog.didierstevens.com/2019/03/15/maldoc-excel-4-0-macro/
• https://blog.didierstevens.com/2018/12/19/updateoledump-py-version-0-0-40/
• http://blog.inquest.net/blog/2019/01/29/Carving-Sneaky-XLM-Files/
• XLSM: https://twitter.com/DissectMalware/status/1091306980894040072
• XML entity encoding: https://twitter.com/DissectMalware/status/1092003809906384897
• samples: https://twitter.com/i/moments/1080201930448793600
• more samples: https://twitter.com/InQuest/status/1103193630360199168
• https://isc.sans.edu/forums/diary/Maldoc+Excel+40+Macros/24750/
• see interesting keywords page 18 of https://i.blackhat.com/asia-19/Thu-March-28/bh-asia-Hegt-MS-Office-in-Wonderland.pdf => should be detected both in XLM and VBA, when ExecuteExcel4Macro is used