Add support for custom named pipe permissions

[doronshemtov]

• Allows to set custom permissions for the named pipes that are used for communicating with the monitoring DLL.

• Creates a custom security descriptor using an SDDL string provided by an analysis option ("custom_pipe_sddl").

• Main use case: monitored DLL is injected into a low-integrity process and doesn't have sufficient permissions to access a named pipe with default security descriptor.

[yoniabrahamy]

LGTM. Just in general, what are the values we can deliver for custom_pipe_sddl?

[doronshemtov]

@yoniabrahamy https://docs.microsoft.com/en-us/windows/win32/secauthz/security-descriptor-string-format

[kevoreilly]

In which scenario(s) are processes being launched with low integrity?

[doronshemtov]

@kevoreilly For example Firefox and other browsers are rendering content in a low-integrity child processes.
Unfortunately it is not always enough in order to monitor these browsers since they have additional sandboxing capabilities, but it should at least allow capemon to communicate if it was able to load into these processes.

[kevoreilly]

Ah right I see - a good reason. As you say monitoring modern browsers isn't trivial and I have spent a lot of time looking for api hook exclusions to try and get them working better in cape... ultimately to no avail. But I would definitely appreciate hearing how you get on in this area.