Update backend to support Sigma Correlations

[kelnage]

The latest release of pySigma includes a feature known as Sigma Correlations (documented in the next version of the Sigma specification), which allows Sigma rules to look at a larger number of log events and use them to determine whether to produce an alert or not.

We should be able to achieve most (if not all) of the core Correlations functionality via LogQL's metric queries support.

Tasks

Beta Give feedback

1. Read Sigma Correlations PR to understand what the change does
2. Read the specification doc of the Sigma Correlations (aka. meta rules)
3. Read LogQL metric query doc to understand and investigate supported queries that map with Sigma Correlations
4. Implement the feature
5. Write tests
6. Release a new version
7. Add supported capabilities to the pySigma-plugin-directory repo

[kelnage]

This PR provides an example correlation rule that could be used for testing this feature once it is implemented.

[mostafa]

@kelnage As per our discussion yesterday, I assigned this to you.