Add `grandparent_process` into `process`, fight process-related recursion

[jonrau-at-queryai]

Currently, the process object in has a nested parent_process object typed as a Process. This creates two issues

1. Modeling "grandparent" processes is a bit unclear and leads to additional mapping - in a Detection Finding context mapping a Crowdstrike Alert of grandparent_details.cmdline would be normalized as evidences.[0].process.parent_process.parent_process.cmd_line. This level of nesting is hard to grok unless the end user (analyst, det. engineer, etc.) was familiar with the concept.
2. It creates a possible recursion issue where you can have multiple chains of process.parent_process.parent_process.

In the short term, it would be easier to have a new Object of grandparent_process added. This avoids an extra level of nesting to avoid mistakes with mapping and analysis, and accommodates Crowdstrike Alerts, Detects, Falcon Data Replicator events (several dozen in fact), and Defender XDR/Advanced Hunting tables such as DeviceFileInfo and DeviceProcessInfo.

Longer term, it would make sense to have dedicated parent_process and grandparent_process objects that do not have any recursion present. I have never seen a tool with great_grandparent_process and Evidences[] already supports multiple entries as it is for this type of modeling.