Add FOR610 tool/workflow knowledge base and data pipeline

Build comprehensive malware analysis knowledge base from 3 sources:
- SANS FOR610 course: 120 tools, 47 labs, 15 workflows, 27 recipes
- REMnux salt-states: 340 packages parsed from GitHub
- REMnux docs: 280+ tools scraped from docs.remnux.org

Master inventory merges all sources into 447 tools with help tiers
(rich/standard/basic). Pipeline generates: tools.db (397 entries),
397 cheatsheets with multi-tool recipes, 15 workflow guides, 224
TLDR pages, and coverage reports.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

data/generated/cheatsheets/jq.cheat

@@ -0,0 +1,22 @@
+# jq
+# Command-line JSON processor for extracting and transforming structured data
+# FOR610 Labs: 1.4 | Sections: 1
+
+% json, data-processing
+
+# Basic usage
+cat report.json | jq '.apis'
+
+# Recursive/follow references
+jq -r '.entry' report.json
+
+
+# --- Recipes (multi-tool chains) ---
+
+# >> Emulate Malware and Extract API Calls
+# Emulate and capture both JSON report and text log
+speakeasy -t <sample> -o report.json 2> report.txt
+# Extract all API names called
+jq '.entry_points[].apis[].api_name' report.json
+# Extract unique API names
+jq -r '.entry_points[].apis[].api_name' report.json | sort -u