Re-enable and refactor code that validates the specific counts of each risk event matched to each observable

[cmcginley-splunk]

• The original version of this feature tried to validate that there was en equal amount of matched risk events for each relevant observable
• This logic was faulty, as some observables may have more corresponding risk events than others (could be due to sparse field values, or because a certain field might be a list of values, and we would get a risk event for each element of that list)
• To re-enable this code, we would need to count the number of values in the corresponding field of each event returned by the search query (e.g. if we have multiple values in the target field of one of the returned events, we would expect one risk event for each value in that field)
• See 'Excessive Usage Of Cacls App' for an example of this (we'd expect more occurences of the process_name observable than the dest observable)