
Enable scan wizard by default #1188

Closed
YamatoSecurity opened this issue Oct 11, 2023 · 0 comments · Fixed by #1191


YamatoSecurity commented Oct 11, 2023

It is common for users to complain about false positives when using Sigma rules, so Sigma has now officially organized their rules based on their reliability/chance of FPs.
Here is the article with more information: https://medium.com/sigma-hq/introducing-sigma-rule-packages-releases-76043ce42e81

In summary:

+------------------------------+-------------------------------+------------------------+------------------------+
| name                         | status                        | level                  | type                   |
+------------------------------+-------------------------------+------------------------+------------------------+
| Core (Default)               | testing, stable               | high, critical         | core                   |
| Core+ (Rule Review needed)   | testing, stable               | medium, high, critical | core                   |
| Core++ (Experimental)        | experimental, testing, stable | medium, high, critical | core                   |
| Emerging Threats AddOn Rules | experimental, testing, stable | medium, high, critical | emerging threats       |
| All rules                    | experimental, testing, stable | medium, high, critical | core, emerging threats |
+------------------------------+-------------------------------+------------------------+------------------------+

In the csv-timeline, json-timeline, and pivot-keywords-list commands, I want to ask the user which set of rules they want to use:

╔╗ ╔╦═══╦╗  ╔╦═══╦══╗╔╗ ╔╦═══╦═══╗
║║ ║║╔═╗║╚╗╔╝║╔═╗║╔╗║║║ ║║╔═╗║╔═╗║
║╚═╝║║ ║╠╗╚╝╔╣║ ║║╚╝╚╣║ ║║╚══╣║ ║║
║╔═╗║╚═╝║╚╗╔╝║╚═╝║╔═╗║║ ║╠══╗║╚═╝║
║║ ║║╔═╗║ ║║ ║╔═╗║╚═╝║╚═╝║╚═╝║╔═╗║
╚╝ ╚╩╝ ╚╝ ╚╝ ╚╝ ╚╩═══╩═══╩═══╩╝ ╚╝
   by Yamato Security

Start time: 2023/10/11 10:24

Total event log files: 1170
Total file size: 274.4 MB

Detection rule sets:

1. Core ( status: testing, stable | level: high, critical ) 
2. Core+ ( status: testing, stable | level: medium, high, critical ) 
3. Core++ ( status: experimental, testing, stable | level: medium, high, critical ) 
4. All alert rules ( status: * | level: low+ )
5. All event and alert rules ( status: * | level: informational+ )

Which set of detection rules would you like to load? (1/2/3/4/5): 1
Include Emerging Threats rules? (Y/n): y
Include Threat Hunting rules? (more false positives) (y/N): n

Loading detection rules. Please wait.

  1. If the user specifies a number outside 1-5, print the error message: You need to specify a number 1-5.

  2. If the user specifies something other than y or n, then print the error message: You need to specify 'y' or 'n' for 'yes' or 'no'. If the user just hits Enter, then the default option is the upper case character.

  3. If the user specifies to include ET rules, then we include rules with a tag of detection.emerging_threats. If the user specifies n to ET rules, then all rules with a tag of detection.emerging_threats are excluded.

  4. If the user specifies to include TH rules, then we include rules with a tag of detection.threat_hunting. If the user specifies n to TH rules, then all rules with a tag of detection.threat_hunting are excluded.

  5. When 4 or 5 is specified, then we do not ask the user:

Do you want to include Emerging Threats rules? (Y/n): y
Do you want to include Threat Hunting rules? (More FPs) (y/N): n

By default, we include all rules regardless of tags.

  6. Under General Options, add the option "-a, --no-asking" with the help text "Do not ask questions. Scan for all events and alerts." This will run Hayabusa in the traditional way.

  7. The number and percent of rules loaded should be calculated based on what rules were actually loaded:

Deprecated rules: 108 (4.02%)
Experimental rules: 1384 (51.56%)
Stable rules: 197 (7.34%)
Test rules: 954 (35.54%)
Unsupported rules: 41 (1.53%)

Hayabusa rules: 159
Sigma rules: 2525
Total enabled detection rules: 2684

※ Similar to this issue: #1039
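The selection logic the wizard above describes (the five status/level sets, then the Emerging Threats and Threat Hunting tag answers with their defaults and error messages), written out as an added example in Rust. This is not Hayabusa's own code; the Rule struct, the Level enum and the status strings are constructed for illustration.

```rust
// Added example, not Hayabusa's own code: rule selection as the wizard in this
// issue describes it. Rule records and status strings are constructed.
#[derive(Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Debug)]
enum Level { Informational, Low, Medium, High, Critical }

#[derive(Debug)]
struct Rule { status: &'static str, level: Level, tags: Vec<&'static str> }

/// Menu answer "1".."5" -> set number, otherwise the issue's error message.
fn parse_set(input: &str) -> Result<u8, &'static str> {
    match input.trim().parse::<u8>() {
        Ok(n) if (1..=5).contains(&n) => Ok(n),
        _ => Err("You need to specify a number 1-5."),
    }
}

/// "y"/"n" answer; an empty line (just Enter) selects the upper-case default.
fn parse_yes_no(input: &str, default_yes: bool) -> Result<bool, &'static str> {
    match input.trim().to_ascii_lowercase().as_str() {
        "" => Ok(default_yes),
        "y" => Ok(true),
        "n" => Ok(false),
        _ => Err("You need to specify 'y' or 'n' for 'yes' or 'no'."),
    }
}

/// Whether a rule falls inside the chosen set (status x level as in the menu).
fn in_set(set: u8, r: &Rule) -> bool {
    let testing_stable = matches!(r.status, "testing" | "stable");
    let exp_testing_stable = matches!(r.status, "experimental" | "testing" | "stable");
    match set {
        1 => testing_stable && r.level >= Level::High,
        2 => testing_stable && r.level >= Level::Medium,
        3 => exp_testing_stable && r.level >= Level::Medium,
        4 => r.level >= Level::Low, // status: *, level: low+
        5 => true,                  // status: *, level: informational+
        _ => false,
    }
}

/// Set filter first, then the ET/TH tag answers, which only apply to sets 1-3.
fn select<'a>(rules: &'a [Rule], set: u8, et: bool, th: bool) -> Vec<&'a Rule> {
    rules.iter().filter(|r| in_set(set, r)).filter(|r| {
        if set >= 4 { return true; } // sets 4 and 5 include every tag
        let is_et = r.tags.contains(&"detection.emerging_threats");
        let is_th = r.tags.contains(&"detection.threat_hunting");
        (et || !is_et) && (th || !is_th)
    }).collect()
}
```

The counts printed after loading (stable, testing, experimental, ...) can then be taken from the returned slice rather than from the full rule directory, which is what item 7 asks for.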

@YamatoSecurity YamatoSecurity added the enhancement New feature or request label Oct 11, 2023
@YamatoSecurity YamatoSecurity added this to the v2.10.0 milestone Oct 11, 2023
@hitenkoku hitenkoku self-assigned this Oct 12, 2023
hitenkoku added a commit that referenced this issue Oct 18, 2023
@YamatoSecurity YamatoSecurity changed the title Ask the user which sigma rules they want to enable by default. Enable scan wizard by default Oct 20, 2023