[Services] Make the best behavior report the default one

[LordNoteworthy]

As a file can be scanned with multiple configuration:

1. Different OS
2. Different cmd line.
3. Different IP
4. Maybe a timeout

The sandbox service should look for:

1. Which behavior report raised a detection
2. Number of API events
3. Number of IOCs

And make it the default one.