Add FOR610 tool/workflow knowledge base and data pipeline

Build comprehensive malware analysis knowledge base from 3 sources:
- SANS FOR610 course: 120 tools, 47 labs, 15 workflows, 27 recipes
- REMnux salt-states: 340 packages parsed from GitHub
- REMnux docs: 280+ tools scraped from docs.remnux.org

Master inventory merges all sources into 447 tools with help tiers
(rich/standard/basic). Pipeline generates: tools.db (397 entries),
397 cheatsheets with multi-tool recipes, 15 workflow guides, 224
TLDR pages, and coverage reports.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

data/generated/cheatsheets/speakeasy.cheat

@@ -0,0 +1,23 @@
+# speakeasy
+# Windows binary emulator — emulates API calls to analyze malware behavior without native execution
+# FOR610 Labs: 1.4 | Sections: 1
+# Docs: https://docs.remnux.org/discover-the-tools/statically+analyze+code/pe-files
+
+% emulation, api-calls, behavioral-analysis
+
+# Basic usage
+speakeasy -t specimen.exe -o report.json 2> report.txt
+
+# Show all results
+speakeasy -t shellcode.bin -r -a x86
+
+
+# --- Recipes (multi-tool chains) ---
+
+# >> Emulate Malware and Extract API Calls
+# Emulate and capture both JSON report and text log
+speakeasy -t <sample> -o report.json 2> report.txt
+# Extract all API names called
+jq '.entry_points[].apis[].api_name' report.json
+# Extract unique API names
+jq -r '.entry_points[].apis[].api_name' report.json | sort -u