Add Sigma rule ID extraction #45

@rolandpg

Description

Summary

Add regex pattern to extract Sigma rule IDs from CTI text.

Context

Sigma is the open standard for SIEM detection rules. CTI reports reference Sigma rules by name (e.g., sigma:apt28_cobalt_strike, Sigma Rule: win_susp_powershell_encoded_cmd). ZettelForge should extract these as entities.

Acceptance Criteria

  • Add sigma_rule to REGEX_PATTERNS in entity_indexer.py
  • Pattern matches: sigma:rule_name, Sigma Rule: rule_name, and bare Sigma rule IDs from SigmaHQ convention
  • Add sigma_rule to ENTITY_TYPES
  • Extracted entities appear in note.semantic.entities after remember()
  • At least 3 test cases in tests/test_basic.py::TestEntityExtractor:
    • sigma:apt28_cobalt_strike extracts as sigma_rule
    • Sigma Rule: win_susp_powershell_encoded_cmd extracts as sigma_rule
    • Text without Sigma rules returns empty list for sigma_rule
  • All existing tests still pass: pytest tests/test_basic.py -v

Example Input/Output

ext = EntityExtractor()
result = ext.extract_all("Detection via sigma:apt28_cobalt_strike")
assert "apt28_cobalt_strike" in result["sigma_rule"]
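One way to implement the pattern these criteria describe, as an added example rather than ZettelForge's own `REGEX_PATTERNS` entry: a hypothetical regex covering the `sigma:` and `Sigma Rule:` prefixes plus bare SigmaHQ-style names, wrapped in an extractor whose output mirrors the `extract_all()` shape above. The prefix list for bare names and the constructed report text are assumptions.

```python
import re

# Constructed CTI excerpt exercising the three formats the issue lists.
SAMPLE_REPORT = (
    "Detection via sigma:apt28_cobalt_strike. Analysts also matched "
    "Sigma Rule: win_susp_powershell_encoded_cmd, and the bare reference "
    "proc_creation_win_susp_cmd_shadowcopy appeared in the hunt notes. "
    "sigma:apt28_cobalt_strike fired twice."
)

# Hypothetical pattern (not ZettelForge's REGEX_PATTERNS entry). Prefixed
# forms accept any snake_case name; bare names are recognised only when they
# start with a SigmaHQ-style source prefix and carry at least two more
# underscore-separated parts, which keeps ordinary words out (assumption).
SIGMA_RULE_PATTERN = re.compile(
    r"(?:\bsigma:|\bSigma\s+Rule:\s*)(?P<prefixed>[A-Za-z0-9_]+)"
    r"|\b(?P<bare>(?:win|lnx|macos|net|web|proxy|proc_creation|file_event"
    r"|registry|image_load|azure|aws|gcp|okta|m365)_[a-z0-9]+(?:_[a-z0-9]+)+)\b",
    re.IGNORECASE,
)


def extract_sigma_rules(text: str) -> list[str]:
    """Return Sigma rule names in first-seen order, de-duplicated."""
    seen: dict[str, None] = {}
    for m in SIGMA_RULE_PATTERN.finditer(text):
        # Exactly one of the two named groups is set for any match.
        name = m.group("prefixed") or m.group("bare")
        seen.setdefault(name, None)
    return list(seen)


def extract_entities(text: str) -> dict[str, list[str]]:
    """Shape the result like the issue's extract_all(): entity type -> names."""
    return {"sigma_rule": extract_sigma_rules(text)}


if __name__ == "__main__":
    for name in extract_entities(SAMPLE_REPORT)["sigma_rule"]:
        print(name)
```

Text that mentions Sigma without a rule reference (such as the Context paragraph above) yields an empty list, which is the third acceptance test.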
