
Only enable rule files that are applicable to the loaded evtx files

Open · hitenkoku opened this issue 11 months ago · 0 comments

Scanning can be even more efficient by only enabling rules that apply to the loaded .evtx files. For example, if the scan is done against a single Security.evtx file, then even if all rules are loaded, in the background we should only enable rules with Channel: Security defined. Normally a single .evtx file should only contain data of the same Channel, so we can check what Channels to scan by checking the first record of the .evtx file.

If users want to enable all rules to be applied to .evtx regardless of the defined Channel, then they can use the --enable-all-rules option.

This issue applies to the csv-timeline and json-timeline commands.

hitenkoku · Mar 17 '24 02:03