
Expand `observables` data types, add Name & ID pairs

Open jonrau-at-queryai opened this issue 1 year ago • 8 comments

Currently the scalar values represented in observables.type_id have several "ID" types and several "Name" types without their pair being added, which may matter to a source system. Additionally, there are data types defined in dictionary.json that do not have an Observable but should: port_t and subnet_t.

My proposal is as follows (PR to come from @query-jeremy or myself)

  1. Add type_id = 11 to port_t and add type_id = 12 to subnet

  2. Create the following data types and type_id pairs, in [brackets] will be the object attributes where the data type would be updated.

    • user_id_t: type_id = 13 [user.uid, user.alt_uid] - this is to match against Username for UPNs, ARNs, and other GUIDs for users in identity/directories
    • group_name_t: type_id = 14 [group.name] - net-new type to denote a variety of "groups", be it IAM, network security or hierarchy. There is an argument to be made to include organization.name and organization.ou_name as well
    • group_id_t: type_id = 15 [group.id] - pair to group name, with an argument to add organization.id and organization.ou_id
    • vulnerability_id: type_id = 16 [cve.uid, cwe.uid] - could make the argument to also map to vulnerability.title as a quick reference to any identifier of a form of a vulnerability, weakness or bug such as CVE, CWE, GHSA, etc.
    • process_id_t: type_id = 17 [process.pid, process.tid, process.uid, process.parent_process.pid, process.parent_process.tid, process.parent_process.uid] - a pair to process name that also accounts for the various identifiers in the process object
    • resource_name_t: type_id = 18 [resource.name, device.name, endpoint.name] - a pair to Resource ID; any name, label or value from a "name" tag on a resource, computer, endpoint, etc.
    • user_agent_t: type_id = 19 [http_request.user_agent] - used as an indicator semi-frequently and adds to the depth of network-related observables

  3. I also noticed that in #891 there was a mention to change some of the values there into scalars such as Location, Registry Key, Registry Value and Container, which we could take up to add as scalar types directly after type_id = 30

jonrau-at-queryai commented Feb 07 '24 22:02
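As an added example (not code from this issue or from the OCSF project), here is a small Python extractor that emits OCSF-style observable objects from an event using the type_id values proposed in the post above; the type names, the `resolve`/`extract_observables` helpers and the sample event are my own assumptions, and the proposed type_id values are not adopted schema.

```python
from typing import Any

# type_id -> (display name, dotted attribute paths), taken from the proposal
# in the issue above. Assumed names; these IDs are NOT part of the OCSF schema.
PROPOSED_TYPES: dict[int, tuple[str, list[str]]] = {
    13: ("User ID", ["user.uid", "user.alt_uid"]),
    14: ("Group Name", ["group.name"]),
    15: ("Group ID", ["group.id"]),
    16: ("Vulnerability ID", ["cve.uid", "cwe.uid"]),
    17: ("Process ID", ["process.pid", "process.tid", "process.uid",
                        "process.parent_process.pid",
                        "process.parent_process.tid",
                        "process.parent_process.uid"]),
    18: ("Resource Name", ["resource.name", "device.name", "endpoint.name"]),
    19: ("User Agent", ["http_request.user_agent"]),
}


def resolve(event: dict[str, Any], path: str) -> Any:
    """Walk a dotted attribute path; return None if any segment is absent."""
    node: Any = event
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def extract_observables(event: dict[str, Any]) -> list[dict[str, Any]]:
    """Build observable objects ({name, type_id, type, value}) for every
    proposed attribute path that is present in the event. Values are
    stringified because observable.value is a string in OCSF."""
    found: list[dict[str, Any]] = []
    for type_id, (type_name, paths) in PROPOSED_TYPES.items():
        for path in paths:
            value = resolve(event, path)
            if value is None:
                continue
            found.append({"name": path, "type_id": type_id,
                          "type": type_name, "value": str(value)})
    return found


# Constructed sample event (not real data) exercising a few of the paths.
SAMPLE_EVENT: dict[str, Any] = {
    "user": {"uid": "arn:aws:iam::123456789012:user/alice"},
    "process": {"pid": 4242, "parent_process": {"pid": 1}},
    "device": {"name": "web-01"},
    "http_request": {"user_agent": "curl/8.0.1"},
}
```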