Add FOR610 tool/workflow knowledge base and data pipeline

Build comprehensive malware analysis knowledge base from 3 sources:
- SANS FOR610 course: 120 tools, 47 labs, 15 workflows, 27 recipes
- REMnux salt-states: 340 packages parsed from GitHub
- REMnux docs: 280+ tools scraped from docs.remnux.org

Master inventory merges all sources into 447 tools with help tiers
(rich/standard/basic). Pipeline generates: tools.db (397 entries),
397 cheatsheets with multi-tool recipes, 15 workflow guides, 224
TLDR pages, and coverage reports.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

data/generated/cheatsheets/pdfid.py.cheat

@@ -0,0 +1,35 @@
+# pdfid.py
+# Scan PDF files for suspicious keywords like /JavaScript, /OpenAction, /Launch without parsing
+# FOR610 Labs: 3.1 | Sections: 1, 3 | Author: Didier Stevens
+# Docs: https://docs.remnux.org/discover-the-tools/analyze+documents/pdf
+
+% pdf, static-analysis, triage, didier-stevens
+
+# Basic usage
+pdfid.py document.pdf
+
+# Suppress default output
+pdfid.py -n document.pdf
+
+
+# --- Recipes (multi-tool chains) ---
+
+# >> Extract Embedded Object from PDF
+# Scan for suspicious keywords
+pdfid.py <document.pdf>
+# Find objects containing the keyword
+pdf-parser.py <document.pdf> -s /URI
+# Extract all values for that keyword
+pdf-parser.py <document.pdf> -k /URI
+# Dump a specific object to file
+pdf-parser.py <document.pdf> -o <obj_id> -d extracted_object
+# View extracted image
+feh extracted_object &
+
+# >> Extract JavaScript from PDF
+# Check if PDF contains JavaScript
+pdfid.py <document.pdf>
+# Find objects with JavaScript
+pdf-parser.py <document.pdf> -s /JavaScript
+# Interactive analysis with peepdf
+peepdf -i <document.pdf>