[Flashpoint] Import CCM Alerts as Incidents

[Powlinett]

Proposed changes

• add FLASHPOINT_IMPORT_CCM_ALERTS and FLASHPOINT_FRESH_CCM_ALERTS_ONLY env/config vars
• handle import_start_date or connector's state last import
• create CompromisedCredentialSighting model and its submodels
• fetch objects of type credential-sighting from Flashpoint (aka CCM Alerts) since defined date
• map CompromisedCredentialSighting to stix2.Incident and its related SCOs/SDOs
• send bundles in a work dedicated to CCM alerts
• add unit tests for flashpoint_client module and converter_to_stix.py
• split last_run datetimes by type of imports in connector's state
• update README
• minor clean up / typing for the rest of the code

Related issues

• [FlashPoint]: Support for Compromised Credentials Monitoring (CCM) #2933

Checklist

• I consider the submitted work as finished
• I have signed my commits using GPG key.
• I tested the code for its functionality using different use cases
• I added/update the relevant documentation (either on github or on notion)
• Where necessary I refactored code to improve the overall quality

[flavienSindou]

This works fine but I think there is no need to freeze you model here. Feel free to correct me otherwise !

[Powlinett]

I thought it was better to freeze Flashpoint's objects to avoid modifying the data returned by their API, WDYT?

[flavienSindou]

I think this is a duplication of your data sample

[Powlinett]

Not quite sure if I understood correctly your comment, but I pushed a commit where I re-use the data sample in test_converter_to_stix.py. Let me know if it's not the expected fix ^^

[flavienSindou]

Thank you for this work @Powlinett !
The implemented features are clear, and the refactoring you did makes the code more robust and easier to read/maintain. The additional improvements, including the unit tests, the refactoring of the connector states management, and the various explanatory comments you added are very welcome !