When a Sigma rule writer wants to create a list of values where all of
them must be matched for the rule to trigger, the approach used
previously was to have an `all of` condition for a single selector.
However, this has now changed, and the new approach is to use an empty
key and the |all modifier (i.e., `'|all'`).
This commit (tries to) identify all the rules that used the old
approach and modifies them to use the new approach instead.
See SigmaHQ/sigma-specification#53 for further discussion.
Nick Moore
0312c481d9