evtx_dump: support reading EVTX from stdin

[omerbenamram]

Fixes #236

Problem

evtx_dump -o jsonl /dev/stdin fails with Illegal seek because EVTX parsing requires Read + Seek (header/chunk offsets, stream length).

Solution

• Accept - (and common Unix stdin aliases like /dev/stdin, /dev/fd/0) as input.
• Buffer stdin into an anonymous temp file, rewind, then parse normally.

Extras

• Add an integration test asserting stdin vs file input parity for a selected record.
• Fix a clap value type mismatch for --events that could panic.
• Serialize the pty-based interactive CLI tests to avoid flakiness under parallel test execution.

Usage

cat security.evtx | evtx_dump -o jsonl -

---

Note

Add stdin support to evtx_dump by buffering to a tempfile, fix --events parser, and add tests/docs.

• CLI (evtx_dump)
  • Add stdin input support: accept - and common stdin paths; buffer stdin to a tempfile and parse via EvtxParser::from_read_seek (open_parser, is_stdin_input).
  • Fix --events handling: parse into typed Ranges via a value parser to prevent panics.
  • Improve INPUT arg help and minor logging/messages.
• Tests
  • New integration test asserting parity between file input and stdin (tests/test_cli.rs).
  • Serialize pty-based interactive tests with a global Mutex and separate module (tests/test_cli_interactive.rs).
• Docs
  • README: add example piping EVTX via stdin using -o jsonl -.
• Build/Deps
  • Add optional tempfile dep and include it in evtx_dump feature.
  • Add non-Windows dev-dep rexpect for interactive tests.

^{Written by Cursor Bugbot for commit 6feddae. This will update automatically on new commits. Configure here.}