@antoinemzs antoinemzs commented Jan 6, 2026

Proposed changes

  • Match default asset rules with provided platform affinity
  • Default to [windows, linux, macos] when no affinity is set
  • Deliver configuration to openaev instance for creating default asset groups and associated rules

Testing Instructions

  1. Create security coverage in OCTI with various combinations of Platform Affinity
  2. OAEV scenario should create injects based on chosen platforms with non-mixed asset groups
  3. There should be 3 new default asset rules based on 3 new tags: "security coverage: %s" where %s is one of windows, linux, macos
  4. There should be non-mixed asset groups assigned to these rules with matching platform (both arm64 and x86_64 archs should be assigned to the same default asset rule)

Related issues

Checklist

  • I consider the submitted work as finished
  • I tested the code for its functionality
  • I wrote test cases for the relevant use cases
  • I added/updated the relevant documentation (either on github or on notion)
  • Where necessary I refactored code to improve the overall quality
  • For bug fix -> I implemented a test that covers the bug

Further comments

If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc...

@github-actions github-actions bot added the filigran team use to identify PR from the Filigran team label Jan 6, 2026
Signed-off-by: Antoine MAZEAS <[email protected]>
@antoinemzs antoinemzs changed the title 4517/platform affinity [backend/frontend] feat(stix): introduce platform affinity (#4517) Jan 8, 2026
@antoinemzs antoinemzs marked this pull request as ready for review January 9, 2026 14:56
codecov bot commented Jan 9, 2026

Codecov Report

❌ Patch coverage is 93.22034% with 12 lines in your changes missing coverage. Please review.
✅ Project coverage is 50.74%. Comparing base (b8c0b6a) to head (1078b21).

| Files with missing lines | Patch % | Lines |
|---|---|---|
| .../src/main/java/io/openaev/rest/tag/TagService.java | 65.00% | 6 Missing and 1 partial ⚠️ |
| ...s/V20260107_Tags_and_tagrules_and_assetgroups.java | 93.61% | 2 Missing and 1 partial ⚠️ |
| ...openaev/datapack/packs/V20260101_Starter_pack.java | 97.14% | 1 Missing ⚠️ |
| .../openaev/service/stix/SecurityCoverageService.java | 91.66% | 0 Missing and 1 partial ⚠️ |
Additional details and impacted files
@@             Coverage Diff              @@
##             master    #4685      +/-   ##
============================================
+ Coverage     50.57%   50.74%   +0.17%     
- Complexity     3708     3737      +29     
============================================
  Files           903      908       +5     
  Lines         26819    26936     +117     
  Branches       2012     2018       +6     
============================================
+ Hits          13563    13669     +106     
- Misses        12437    12445       +8     
- Partials        819      822       +3     


})
public class AssetGroup implements Base {

public Map<Endpoint.PLATFORM_TYPE, Map<Endpoint.PLATFORM_ARCH, String>> wellKnown() {

Seems unused.

@Transient
private final ResourceType resourceType = ResourceType.TAG_RULE;

public void setTag(Tag tag) {

It feels a bit odd to block a parent entity based on a child entity. Just a personal impression.

@Table(name = "tag_rules")
@EntityListeners(ModelBaseListener.class)
public class TagRule implements Base {
public static Set<String> RESERVED_TAG_NAMES =
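
Review bot: `RESERVED_TAG_NAMES` is declared `public static` without `final`, so any class can reassign the set of reserved names at runtime. Declare it `public static final` and initialise it with an immutable set such as `Set.of(...)` so the reserved list cannot be altered after class load.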

Relative to the Tag, so it should be placed on the Tag entity, right?

@RequiredArgsConstructor
public class InitStarterPackCommandLineRunner implements CommandLineRunner {
@Slf4j
public class V20260101_Starter_pack extends DataPack {

This is our new way to run the starter pack feature, right?

ResourcePatternResolver resolver) {
super(dataPackService);
this.settingRepository = settingRepository;
this.tagRuleRepository = tagRuleRepository;

Seems unused.

}
}
// Force opencti tag
labels.add(OPENCTI_TAG_NAME);

Should we keep OpenCTI as the source for security coverage?

assetGroup.setName("All %s %s".formatted(platform.toString(), arch.toString()));
assetGroup.setDynamicFilter(filterGroup);

AssetGroup saved = this.assetGroupService.createAssetGroup(assetGroup);
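
Review bot: in the `setName` call, the explicit `platform.toString()` and `arch.toString()` are redundant, since `%s` already converts its arguments, and they turn a null `platform` or `arch` into a `NullPointerException`. Pass `platform` and `arch` directly to `formatted(...)`.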

Seems unused.

Development

Successfully merging this pull request may close these issues.

[SC☂️] Platform-Aware Payload and Asset Selection => platform_affinity logic