Support left-, right- and two-tailed anomaly detection in general

[williewheeler]

In many cases, we want to generate anomalies only if observations fall too far on either one or the other side of some point forecast. For example, for bookings, we generally care more about bookings drops than spikes. (Bookings spikes can be anomalous and interesting too, but generally we care more about drops.) Another example would be Haystack telemetry, where we care about spikes in the error rate, latencies and durations. We would care about both spikes and drops in request volume.

We already support one-/two-tailed constant threshold detectors, but not others. We need to extend this support to some common cases, including EWMA, PEWMA and Holt-Winters. The solution should be such that we can apply it to other detectors based on point forecasts.

Start with:

• EWMA
• PEWMA
• Holt-Winters

[williewheeler]

One of the interesting things I notice is that we use AnomalyThresholds in two distinct ways. We use it to define model params for constant threshold detectors. But the other detectors use it to describe an interval forecast at a given point in time.

I don't think we want to use it in both of these different ways. In particular I don't think it's appropriate for specifying model params because in most other cases we specify sigmas or some other relative way of defining bands. I'm thinking that we make band-related params explicitly so, and recast anomaly thresholds as interval forecasts.