bulk_extractor
update hiberfile (XPRESS) and add test vectors
After spending 20-30 hours investigating, I'm disabling the scan_hiberfile scanner by default because I'm not convinced that it's actually doing anything. I've looked at feature files that find features with HIBERFILE in the forensic path and the same features appear in the uncompressed text.
XPRESS has evolved in the decade since we incorporated the old pyexpress code from pyflag and I do not have a current version of it. However, I do have references to new code implementations. I will incorporate them if I can get some test vectors.
References:
- https://github.com/coderforlife/ms-compress
- https://github.com/comaeio/rust-lzxpress
- https://wimlib.net/compression.html
- https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wusp/3e24630e-8000-4894-a967-315df7ed996e
- https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-xca/a8b7cb0a-92a6-4187-a23b-5e14273b96f8
- https://www.reddit.com/r/windows/comments/ftoxab/anyone_use_the_new_xpresslzx_ntfs_compression/
- https://www.coderforlife.com/microsoft-compression-formats/ (Has LZ, LZSS, LZ77, LZX, LZ77 & DIRECT2, LZ77 & Huffman)
@jonstewart - you mentioned that you might have a source for a test vector here?
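For anyone picking this up: below is a small decoder for the MS-XCA "Plain LZ77" (LZ77 + DIRECT2) variant of XPRESS, which is the format the old pyflag code targeted. This is an added example written from my reading of the MS-XCA pseudocode, not code from bulk_extractor, pyflag, or any of the projects linked above; the exact field layouts (3-bit length / 13-bit offset token, the shared length nibble, the 15 + 7 escape thresholds) are my reading of that spec and should be checked against it. The two vectors at the bottom are constructed by tracing the algorithm by hand (I believe they are the same inputs the spec uses in its own worked examples); they exercise the literal path, the multi-level length escape, an overlapping back-reference, and the end-of-input termination, and would serve as a starting point for the test vectors this issue asks for. Framing of XPRESS blocks inside hiberfil.sys, and the Huffman variant, are not covered here.

```python
"""Decoder for the MS-XCA "Plain LZ77" variant of XPRESS.

Added example, written from the MS-XCA pseudocode as I read it (assumption:
field layouts and escape thresholds below match the spec).  Not code from
bulk_extractor or from the linked projects.
"""
import struct


class XpressError(ValueError):
    """Raised when the stream is truncated or a match points outside the output."""


def xpress_plain_lz77_decompress(data: bytes) -> bytes:
    """Decompress one Plain-LZ77 XPRESS stream and return the raw bytes."""
    out = bytearray()
    pos, n = 0, len(data)
    flags, flag_count = 0, 0
    last_length_half_byte = 0  # position of a length byte whose high nibble is unused

    while True:
        if flag_count == 0:
            # 32 flag bits, consumed MSB first: 0 = literal, 1 = match token
            if pos + 4 > n:
                raise XpressError("truncated flag word")
            flags = struct.unpack_from("<I", data, pos)[0]
            pos += 4
            flag_count = 32
        flag_count -= 1

        if (flags & (1 << flag_count)) == 0:
            if pos >= n:
                raise XpressError("truncated literal")
            out.append(data[pos])
            pos += 1
            continue

        # A match flag with no input left is the end-of-stream marker.
        if pos == n:
            return bytes(out)
        if pos + 2 > n:
            raise XpressError("truncated match token")
        token = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        length = token & 7            # low 3 bits: length - 3, 7 means "escaped"
        offset = (token >> 3) + 1     # high 13 bits: distance - 1

        if length == 7:
            # Extra length nibble; two consecutive escapes share one byte.
            if last_length_half_byte == 0:
                if pos >= n:
                    raise XpressError("truncated length nibble")
                length = data[pos] & 0x0F
                last_length_half_byte = pos
                pos += 1
            else:
                length = data[last_length_half_byte] >> 4
                last_length_half_byte = 0
            if length == 15:
                if pos >= n:
                    raise XpressError("truncated length byte")
                length = data[pos]
                pos += 1
                if length == 255:
                    if pos + 2 > n:
                        raise XpressError("truncated length word")
                    length = struct.unpack_from("<H", data, pos)[0]
                    pos += 2
                    if length < 15 + 7:
                        raise XpressError("invalid escaped match length")
                    length -= 15 + 7
                length += 15
            length += 7
        length += 3

        if offset > len(out):
            raise XpressError("match offset reaches before start of output")
        # Byte-at-a-time copy so overlapping matches (offset < length) repeat correctly.
        for _ in range(length):
            out.append(out[-offset])


# Constructed test vectors (traced by hand against the algorithm above).
VECTORS = [
    # 26 literals, then a match flag at end of input terminates the stream.
    (b"\x3f\x00\x00\x00" + b"abcdefghijklmnopqrstuvwxyz",
     b"abcdefghijklmnopqrstuvwxyz"),
    # "abc" then one overlapping match of length 297 at offset 3,
    # encoded via the nibble -> byte -> word length escape chain.
    (b"\xff\xff\xff\x1f" + b"abc" + b"\x17\x00\x0f\xff\x26\x01",
     b"abc" * 100),
]


def run_vectors() -> list:
    """Return one bool per vector: True when the decoder reproduces the expected output."""
    return [xpress_plain_lz77_decompress(c) == expected for c, expected in VECTORS]


if __name__ == "__main__":
    print(run_vectors())
```

A real hiberfile scanner would wrap this in the block-level framing and then look for the recovered text in the decompressed output; if the same features show up in the uncompressed region of the file anyway (as observed above), a decoder that is verified against vectors like these is the only way to tell whether the scanner is contributing anything.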