
add general BITS usage detection#1132

Open
akshat4703 wants to merge 1 commit into mandiant:master from akshat4703:akshat/use-bits

Conversation

@akshat4703 (Contributor)

Summary
Implements #967 by adding a general rule to detect usage of BITS (Background Intelligent Transfer Service).

What Changed
Added:
rules/communication/http/client/use-bits.yml

The rule detects:
COM-based BITS usage via the existing create BITS job rule

Command-line BITS usage such as bitsadmin, Start-BitsTransfer, or Set-BitsTransfer when process creation behavior is observed

Validation

capafmt passed
lint --thorough -t "use BITS" rules passed

@mike-hunhoff (Collaborator) left a comment


Thanks @akshat4703 , I've left comments for your review. Additionally, several architectural and precision refinements are needed:

  1. Rule Consolidation: Move generic BITS job creation strings (e.g., bitsadmin /create, Start-BitsTransfer) into the existing create BITS job.yml rule to unify COM and CLI detection. Your proposed transfer files via BITS should then rely on match: create BITS job and focus strictly on intent-specific indicators like /addfile or /transfer.

  2. Regex Precision: Add word boundaries (\b) to all new regex patterns to prevent false positives (e.g., /\bSet-BitsTransfer\b/i, /\bPendingFileRenameOperations\b/i). Specifically, remove the trailing space in /Set-BitsTransfer /i in favor of a word boundary.

  3. Anchoring: Ensure the PendingFileRenameOperations registry rule is properly anchored with word boundaries for both the key and the path components to maintain function-scope reliability.

@akshat4703 (Contributor, Author)

> Thanks @akshat4703 , I've left comments for your review. Additionally, several architectural and precision refinements are needed:
>
>   1. Rule Consolidation: Move generic BITS job creation strings (e.g., bitsadmin /create, Start-BitsTransfer) into the existing create BITS job.yml rule to unify COM and CLI detection. Your proposed transfer files via BITS should then rely on match: create BITS job and focus strictly on intent-specific indicators like /addfile or /transfer.
>   2. Regex Precision: Add word boundaries (\b) to all new regex patterns to prevent false positives (e.g., /\bSet-BitsTransfer\b/i, /\bPendingFileRenameOperations\b/i). Specifically, remove the trailing space in /Set-BitsTransfer /i in favor of a word boundary.
>   3. Anchoring: Ensure the PendingFileRenameOperations registry rule is properly anchored with word boundaries for both the key and the path components to maintain function-scope reliability.

Thanks for the guidance — I have made the requested changes.

Rule consolidation
I have made the necessary changes to communication/http/client/create-bits-job.yml, including the inclusion of the generic bits job creation keywords (bitsadmin /create, Start-BitsTransfer, etc.), to consolidate both CLI and COM job creation detection.
I have created communication/http/client/transfer-files-via-bits.yml, which relies on match: create BITS job and only includes transfer intent keywords (/addfile, /transfer, Set-BitsTransfer, AddFile offset).

Regex precision
I have made the necessary changes to nursery/persist-via-bits-job.yml, including the replacement of trailing space keywords with boundary-based keywords (\bSet-BitsTransfer\b, \bStart-BitsTransfer\b, \b-NotifyCmdLine\b, etc.).
The new transfer rule has been made precise using boundary-based regex keywords to avoid false positives.

PendingFileRenameOperations anchoring + description
I have created nursery/persist-via-pendingfilerenameoperations-registry-value.yml, including a short description of the persistence method.
The path has been made precise by including boundaries (`\bSystem\(ControlSet\d{3}|Current
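The regex-precision point raised in the review (trailing space versus `\b`) has one subtlety worth seeing on real input, so here is an added Python check that is not part of the PR or of capa: it runs the originally proposed patterns, the patterns with `\b` added literally on both ends (as the reply describes for `\b-NotifyCmdLine\b`), and a corrected set over constructed command lines. The sample lines, the `example.invalid` host and the `(?<!\w)` lookbehind are assumptions of this example; `\b` is only a boundary where a word character meets a non-word character, so placed directly before `/` or `-` it requires a word character on the left and misses `bitsadmin /transfer`.

```python
import re

# Constructed command lines (not taken from the PR): the kind a sandbox reports
# as process-creation arguments, plus one benign line containing a URL path.
SAMPLES = {
    "bitsadmin_transfer": r"bitsadmin /transfer job1 http://example.invalid/a.bin C:\Temp\a.bin",
    "ps_pipe_end":        r'powershell -c "$j | Set-BitsTransfer"',
    "ps_notify":          r"Set-BitsTransfer -BitsJob $j -NotifyCmdLine C:\Temp\t.exe",
    "benign_url":         r"curl http://example.invalid/transfers/report.csv",
}

# Patterns as first proposed: a trailing space instead of a boundary, and bare
# switches with no anchoring at all.
PROPOSED = {
    "Set-BitsTransfer": r"Set-BitsTransfer ",
    "/transfer":        r"/transfer",
    "-NotifyCmdLine":   r"-NotifyCmdLine",
}

# \b added mechanically on both ends of every token.
NAIVE_BOUNDARY = {
    "Set-BitsTransfer": r"\bSet-BitsTransfer\b",
    "/transfer":        r"\b/transfer\b",
    "-NotifyCmdLine":   r"\b-NotifyCmdLine\b",
}

# \b works on the left of "Set-...", but before "/" or "-" it demands a word
# character to the left. A negative lookbehind (assumed here) gives those tokens
# the intended "not glued to a preceding word" semantics instead.
ANCHORED = {
    "Set-BitsTransfer": r"\bSet-BitsTransfer\b",
    "/transfer":        r"(?<!\w)/transfer\b",
    "-NotifyCmdLine":   r"(?<!\w)-NotifyCmdLine\b",
}


def matched_indicators(patterns, cmdline):
    """Sorted names of the indicators whose pattern matches the command line."""
    return sorted(name for name, pat in patterns.items()
                  if re.search(pat, cmdline, re.IGNORECASE))


def evaluate(patterns):
    """Run one pattern set over every sample; maps sample name to its hits."""
    return {name: matched_indicators(patterns, line) for name, line in SAMPLES.items()}


if __name__ == "__main__":
    for label, pats in (("proposed", PROPOSED), ("naive \\b", NAIVE_BOUNDARY), ("anchored", ANCHORED)):
        print(label, evaluate(pats))
```

The naive set drops both switch indicators on the very lines they are meant to catch, while the trailing-space pattern misses `Set-BitsTransfer` when it ends the argument; only the anchored set hits the three BITS lines and stays quiet on the benign URL.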
