Peter M. Groen / oletools

WIP: oleform: add support for other types of controls

From tests, these controls are in fact possible to see in the f stream.
Their childs will be part of sub stream, with a path containing the
id of the object

Padded structures are in fact lazily padded: the pad is only applied when
needed, not immediately. For example considering the following struct:
```
| a (1B, opt) | b (1B, opt) | c (1B, opt) | d (1B, opt) |
| ... pad ... |
| e (4B, opt) |
| f (2B, opt) | ... pad ...|
```
If only a and f are present (all other optional parts not used), the
actual content will be: | a (1B) | pad (1B) | f (2B) |

The previous implementation resulted in:
| a (1B) | pad (3B) | f (2B) | pad (2B) |
which shifted the whole structure and failed...

Update clsid.py

ref: https://support.office.com/en-us/article/flash-silverlight-and-shockwave-controls-blocked-in-office-2016-55738f12-a01d-420e-a533-7cef1ff6aeb1

Csv formula extension

Update clsid.py (CVE-2018-8174)

CVE-2018-8174: https://securelist.com/root-cause-analysis-of-cve-2018-8174/85486/

Uses the same technique as CVE-2017-0199 in the RTF document.
URL Moniker ---> Media Negotiation(server returns content-type: text/html, CVE-2017-0199 server returns content-type: application/hta, which was already blocked by "IActivationFilter" in MSO.DLL) ---> HTML triggers a vulnerability in vbscript.dll(CVE-2018-8174)

remove a duplicated key

oleid: detect OpenXML encryption