Commit 57ef3f5

Windows: Adds scheduled tasks plugin
This adds a plugin 'ScheduledTasks' that can decode binary-encoded scheduled tasks from the Windows registry's SOFTWARE hive using a custom reader that extends the `io.BytesIO` class. Decoding operations are intended to be as fault tolerant as possible, swallowing exceptions and returning `None` to account for smear or missing data. Because each task can have multiple triggers and multiple actions, a single entry is generated for each trigger + action pair. In the event that either the actions could not be parsed or the triggers could not be parsed due to missing or smeared data, an entry will still be generated using the available information from the other registry value, since trigger and action data is stored separately. Much more information is decoded than is rendered; this was done intentionally to avoid overpopulating the TreeGrid with less pertinent data and to avoid an explosion of trigger and action-specific fields that may not apply to most other entries.
1 parent 4ffaad5 commit 57ef3f5
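The commit message describes three mechanisms: a reader built on `io.BytesIO` whose typed reads return `None` instead of raising on truncated or smeared data, separate parsing of the action and trigger blobs, and one output row per trigger + action pair with a placeholder when one side could not be parsed. The following is an added example written for this page to illustrate that approach; it is not code from volatility3 or from this commit. The binary layouts it parses (`u16` count, length-prefixed UTF-16LE strings, `u32` start time) and the constants `KIND_EXEC` and `TRIGGER_LOGON` are simplified assumptions chosen for illustration, not the real Windows task encoding, and the sample blobs are constructed inline.

```python
import io
import struct
from itertools import product
from typing import Dict, List, Optional, Tuple

# ASSUMED simplified layouts for this example (not the real Windows Actions/Triggers encoding):
#   Actions  : u16 count, then per action : u16 kind, str path, str args
#   Triggers : u16 count, then per trigger: u16 kind, u32 start_time
#   str      : u32 byte length followed by UTF-16LE text
KIND_EXEC = 0x6666      # assumed identifier for an "execute program" action
TRIGGER_LOGON = 0x01    # assumed identifier for a logon trigger


class FaultTolerantReader(io.BytesIO):
    """io.BytesIO subclass whose typed reads return None on short or malformed data."""

    def read_exact(self, size: int) -> Optional[bytes]:
        data = self.read(size)
        return data if len(data) == size else None

    def read_u16(self) -> Optional[int]:
        data = self.read_exact(2)
        return None if data is None else struct.unpack("<H", data)[0]

    def read_u32(self) -> Optional[int]:
        data = self.read_exact(4)
        return None if data is None else struct.unpack("<I", data)[0]

    def read_utf16_string(self) -> Optional[str]:
        length = self.read_u32()
        if length is None or length % 2:      # odd byte count cannot be UTF-16
            return None
        data = self.read_exact(length)
        if data is None:
            return None
        try:
            return data.decode("utf-16-le")
        except UnicodeDecodeError:            # smeared bytes: give up on this string
            return None


def parse_actions(blob: bytes) -> Optional[List[Dict]]:
    """Return the actions decoded before the first unreadable one, or None if nothing parsed."""
    reader = FaultTolerantReader(blob)
    count = reader.read_u16()
    if count is None:
        return None
    actions = []
    for _ in range(count):
        kind, path, args = reader.read_u16(), reader.read_utf16_string(), reader.read_utf16_string()
        if kind is None or path is None or args is None:
            break                              # truncated or smeared: keep what we have
        actions.append({"kind": kind, "path": path, "args": args})
    return actions or None


def parse_triggers(blob: bytes) -> Optional[List[Dict]]:
    """Same contract as parse_actions, for the trigger blob."""
    reader = FaultTolerantReader(blob)
    count = reader.read_u16()
    if count is None:
        return None
    triggers = []
    for _ in range(count):
        kind, start_time = reader.read_u16(), reader.read_u32()
        if kind is None or start_time is None:
            break
        triggers.append({"kind": kind, "start_time": start_time})
    return triggers or None


def build_entries(task_name: str, actions: Optional[List[Dict]],
                  triggers: Optional[List[Dict]]) -> List[Dict]:
    """One entry per trigger + action pair; a side that failed to parse becomes a None placeholder."""
    action_rows = actions if actions else [None]
    trigger_rows = triggers if triggers else [None]
    entries = []
    for trig, act in product(trigger_rows, action_rows):
        entries.append({
            "task": task_name,
            "trigger_kind": trig["kind"] if trig else None,
            "start_time": trig["start_time"] if trig else None,
            "action_kind": act["kind"] if act else None,
            "path": act["path"] if act else None,
            "args": act["args"] if act else None,
        })
    return entries


# Constructed sample data (encoders exist only to build test blobs in the assumed layout).
def _encode_string(text: str) -> bytes:
    raw = text.encode("utf-16-le")
    return struct.pack("<I", len(raw)) + raw


def make_actions_blob(actions: List[Tuple[int, str, str]]) -> bytes:
    out = struct.pack("<H", len(actions))
    for kind, path, args in actions:
        out += struct.pack("<H", kind) + _encode_string(path) + _encode_string(args)
    return out


def make_triggers_blob(triggers: List[Tuple[int, int]]) -> bytes:
    out = struct.pack("<H", len(triggers))
    for kind, start_time in triggers:
        out += struct.pack("<HI", kind, start_time)
    return out


if __name__ == "__main__":
    acts = make_actions_blob([(KIND_EXEC, r"C:\Windows\System32\cmd.exe", "/c whoami"),
                              (KIND_EXEC, r"C:\x.exe", "")])
    trigs = make_triggers_blob([(TRIGGER_LOGON, 1), (TRIGGER_LOGON, 2)])
    for row in build_entries("Demo", parse_actions(acts), parse_triggers(trigs)):
        print(row)
    # Truncated trigger blob: triggers come back None, but the action rows are still emitted.
    for row in build_entries("Demo", parse_actions(acts), parse_triggers(trigs[:5])):
        print(row)
```

The placeholder handling in `build_entries` is the part worth copying: a task whose trigger value is smeared still shows up with its command line, which is what an analyst hunting persistence actually needs, and the truncation is visible as `None` rather than hidden behind a skipped row.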

3 files changed: +1820 -0 lines changed

volatility3/framework/layers/registry.py

Lines changed: 3 additions & 0 deletions
@@ -170,6 +170,9 @@ def get_key(
170170
return_list specifies whether the return result will be a single
171171
node (default) or a list of nodes from root to the current node
172172
(if return_list is true).
173+
174+
Raises RegistryFormatException if an invalid structure is encountered
175+
Raises KeyError if the key is not found
173176
"""
174177
root_node = self.get_node(self.root_cell_offset)
175178
if not root_node.vol.type_name.endswith(constants.BANG + "_CM_KEY_NODE"):
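Review bot: the two new `Raises` lines promise behaviour the hunk itself does not show; the only check visible in `get_key` is `if not root_node.vol.type_name.endswith(constants.BANG + "_CM_KEY_NODE"):`, so confirm that this branch raises `RegistryFormatException`, and that a missing key path raises `KeyError` rather than an `AttributeError` or `IndexError` coming out of a smeared cell, because the commit message says the new plugin stays fault tolerant by catching exceptions and callers will now code against exactly these two types. Minor style point: the rest of the docstring is free prose, so a single `Raises:` block listing both exceptions would read more consistently than two unindented sentences set off by the added blank line.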

0 commit comments