Add rule for zlib fast inflate

[priyank766]

Closes #494.

Adds a function-scope rule, decompress data using ZLIB fast inflate, for Chris Anderson's x86 assembly implementation of zlib inflate_fast, based on the assembly implementation referenced in the issue.

Validation:

• ran scripts/capafmt.py on the new rule
• local example-based lint is currently blocked because the referenced capa-testfiles sample is not available as a readable file in my environment

Reference:

• https://github.com/madler/zlib/blob/cacf7f1d4e3d44d871b605da3b647f07d718623f/contrib/masmx86/inffas32.asm

[priyank766]

@mike-hunhoff & @mr-tz Can you please review it

[priyank766]

@mike-hunhoff i removed the unnecesarry reference line
i wanted to know about this failed check why it is failed ?? i think capa-testfiles i have to create it in the test-files repo can i do that ??

[mike-hunhoff]

@priyank766 rule_linter error:

INFO     lint: rule "decompress data using ZLIB fast inflate" does   lint.py:409
         not match for sample                                                   
         c2ba065654f13612ae63bca7f972ea91c6fe97291caeaaa3a28a180fb19            
         12b3a.dll_                                                             

 decompress data using ZLIB fast inflate
  FAIL: doesn't match on referenced example: Fix the rule logic or provide a 
different example

rules with FAIL:
  - decompress data using ZLIB fast inflate

Please ensure all unit tests pass locally before requesting another review.

[priyank766]

@mike-hunhoff So sorry about jumping the gun on the review.

I was actually trying to run the linter locally, but Windows Defender kept silently deleting the test sample from capa-testfiles every time I downloaded it . Because of that, my local tests were just failing with a "missing example" error rather than showing me the actual logic failure, so I mistakenly thought the GitHub CI was just acting up.

After digging into the assembly source, I finally saw my mistake: the "Fast decoding" string is just an unreferenced watermark in the binary, and the mask bytes are in an external data table. Since the rule is scoped to the function body, capa couldn't actually match them!

I just pushed a new commit removing those two unreachable features, so the rule should perfectly match the function scope now. I'll make sure everything is completely green before asking for another review next time!