feat(rules): New Clickfix phishing via browser dialog box rule

[rabbitstack]

What is the purpose of this PR / why it is needed?

Identifies a ClickFix-style social-engineering phishing attempt and its FileFix evolution where a web page coerces a user into interacting with a trusted File Explorer address bar so that a clipboard-pasted value executes a command on the host. Attackers use convincing browser lures (fake CAPTCHAs, shared-file prompts, account-suspension pages, etc.) to cause the browser to open a native dialog or explorer window and simultaneously place a malicious command on the clipboard. When the user pastes that content into the trusted UI it runs with their privileges, often bypassing Mark-Of-The-Web checks and many automated protections.

What type of change does this PR introduce?

---

Uncomment one or more /kind <> lines:

/kind feature (non-breaking change which adds functionality)

/kind bug-fix (non-breaking change which fixes an issue)

/kind refactor (non-breaking change that restructures the code, while not changing the original functionality)

/kind breaking (fix or feature that would cause existing functionality to not work as expected

/kind cleanup

/kind improvement

/kind design

/kind documentation

/kind other (change that doesn't pertain to any of the above categories)

Any specific area of the project related to this PR?

---

Uncomment one or more /area <> lines:

/area instrumentation

/area telemetry

/area rule-engine

/area filters

/area yara

/area event

/area captures

/area alertsenders

/area outputs

/area rules

/area filaments

/area config

/area cli

/area tests

/area ci

/area build

/area docs

/area deps

/area evasion

/area other

Special notes for the reviewer

---

Does this PR introduce a user-facing change?

---