
Add support for Sysmon v11 copy-on-delete

Open jokezone opened this issue 4 years ago • 0 comments

The latest version of Sysmon added the ability to copy deleted/shredded files to a system root ArchiveDirectory. This archive directory is protected with a SYSTEM ACL which prevents users from accessing the contents. Since Update-Sysmon is intended to run as the SYSTEM account, it could be used to synchronize files in this directory with a central file share for analysis by threat hunters.

jokezone · Apr 30 '20 18:04
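One way the synchronisation proposed above could look, as an added PowerShell example that is not part of Update-Sysmon or Sysmon. It assumes Sysmon's default archive directory name ("Sysmon" at the root of the system drive); the share path and the state-file path are hypothetical placeholders.

```powershell
# Added example (not Update-Sysmon project code): ship Sysmon v11 copy-on-delete
# archive files to a central share so hunters can inspect deleted/shredded files.
# Assumptions: default archive name "Sysmon" at the system drive root; the share
# and state-file locations below are placeholders.

function Test-RunningAsSystem {
    # The archive is ACL'd to SYSTEM only, so any other account gets Access Denied.
    [Security.Principal.WindowsIdentity]::GetCurrent().IsSystem
}

function Sync-SysmonArchive {
    param(
        [string]$ArchiveDirectory = (Join-Path $env:SystemDrive 'Sysmon'),
        [Parameter(Mandatory)][string]$Destination,   # e.g. \\hunting-share\sysmon-archive (placeholder)
        [string]$StateFile = (Join-Path $env:ProgramData 'Update-Sysmon\archive-sync.json')
    )
    if (-not (Test-RunningAsSystem)) {
        throw 'Must run as SYSTEM: the Sysmon archive directory is readable only by SYSTEM.'
    }
    if (-not (Test-Path -LiteralPath $ArchiveDirectory)) {
        Write-Warning "No archive directory at $ArchiveDirectory (is copy-on-delete configured?)"
        return 0
    }

    # One sub-folder per host so archives from many endpoints do not collide on the share.
    # The share itself should be locked down: these are deleted files, possibly malware.
    $target = Join-Path $Destination $env:COMPUTERNAME
    New-Item -ItemType Directory -Path $target -Force | Out-Null

    # Track what was already shipped (name + size + mtime) so repeated runs are incremental.
    $seen = @{}
    if (Test-Path -LiteralPath $StateFile) {
        (Get-Content -LiteralPath $StateFile -Raw | ConvertFrom-Json).PSObject.Properties |
            ForEach-Object { $seen[$_.Name] = $true }
    }

    $copied = 0
    foreach ($f in Get-ChildItem -LiteralPath $ArchiveDirectory -File -Recurse -Force) {
        $key = '{0}|{1}|{2}' -f $f.FullName, $f.Length, $f.LastWriteTimeUtc.Ticks
        if ($seen.ContainsKey($key)) { continue }
        # Sysmon names archived copies after the file hash, so a same-named file
        # already on the share holds identical content; overwriting is harmless.
        Copy-Item -LiteralPath $f.FullName -Destination $target -Force
        $seen[$key] = $true
        $copied++
    }

    New-Item -ItemType Directory -Path (Split-Path -Parent $StateFile) -Force | Out-Null
    $seen | ConvertTo-Json | Set-Content -LiteralPath $StateFile
    Write-Verbose "Copied $copied new archived file(s) to $target"
    return $copied
}
```

Scheduled from the same SYSTEM context Update-Sysmon already uses, the function returns the number of newly shipped files, which is a convenient health metric for the collection job.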