Detect ELF package notes from fedora binaries #2713

Open
wagoodman opened this issue Mar 13, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@wagoodman
Contributor

#2396 adds the capability to detect binaries where the .note.package on the binary is purely a JSON payload. This is a little different than what you'll find with a binary in a fedora distribution:

```
objdump -s -j .note.package /bin/ld

/bin/ld:     file format elf64-littleaarch64

Contents of section .note.package:
 039c 04000000 7c000000 7e1afeca 46444f00  ....|...~...FDO.
 03ac 7b227479 7065223a 2272706d 222c226e  {"type":"rpm","n
 03bc 616d6522 3a226269 6e757469 6c73222c  ame":"binutils",
 03cc 22766572 73696f6e 223a2232 2e34302d  "version":"2.40-
 03dc 31342e66 63333922 2c226172 63686974  14.fc39","archit
 03ec 65637475 7265223a 22616172 63683634  ecture":"aarch64
 03fc 222c226f 73437065 223a2263 70653a2f  ","osCpe":"cpe:/
 040c 6f3a6665 646f7261 70726f6a 6563743a  o:fedoraproject:
 041c 6665646f 72613a33 39227d00           fedora:39"}.
```

Note the header at the top before the JSON payload. Based on the documentation, the prefix is an ELF section header:

```c
typedef struct {
	Elf_Word	sh_name;
	Elf_Word	sh_type;
	Elf_Word	sh_flags;
	Elf_Addr	sh_addr;
	Elf_Off	sh_offset;
	Elf_Word	sh_size;
	Elf_Word	sh_link;
	Elf_Word	sh_info;
	Elf_Word	sh_addralign;
	Elf_Word	sh_entsize;
} Elf_Shdr;
```

It would be ideal to eventually be able to decode .note.package sections that are not purely JSON payloads.
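
As an added example, not code from the issue or the project: a Go parser that decodes the section shown in the objdump output above, reading the 16 bytes before the JSON as an ELF note record (name size, descriptor size, type, then the NUL-padded owner name) and also accepting a bare JSON payload. `PackageNote` and `parsePackageNote` are hypothetical names; the expected owner `FDO` and type `0xcafe1a7e` are read off the first row of the dump.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/json"
	"fmt"
)

// Section bytes from the objdump output in the issue: 16-byte prefix, JSON, NUL.
const sampleSection = "\x04\x00\x00\x00\x7c\x00\x00\x00\x7e\x1a\xfe\xca" + "FDO\x00" +
	`{"type":"rpm","name":"binutils","version":"2.40-14.fc39",` +
	`"architecture":"aarch64","osCpe":"cpe:/o:fedoraproject:fedora:39"}` + "\x00"
const fdoPackagingType = 0xcafe1a7e // bytes 7e1afeca in the dump, little-endian

// PackageNote is a hypothetical type for the JSON keys visible in the dump.
type PackageNote struct {
	Type, Name, Version, Architecture string
	OSCPE                             string `json:"osCpe"`
}

// parsePackageNote accepts a bare JSON section or one wrapped in a note record.
func parsePackageNote(sec []byte, bo binary.ByteOrder) (*PackageNote, error) {
	payload := sec
	if len(sec) == 0 || sec[0] != '{' { // not bare JSON: namesz, descsz, type, owner
		if len(sec) < 12 {
			return nil, fmt.Errorf("section shorter than a note header")
		}
		nameEnd := 12 + uint64(bo.Uint32(sec[0:4]))
		descOff := (nameEnd + 3) &^ 3 // owner name is padded to 4 bytes
		descEnd := descOff + uint64(bo.Uint32(sec[4:8]))
		if descEnd > uint64(len(sec)) { // sizes come from the file, so bound them
			return nil, fmt.Errorf("note sizes exceed section length")
		}
		owner := string(bytes.TrimRight(sec[12:nameEnd], "\x00"))
		if typ := bo.Uint32(sec[8:12]); owner != "FDO" || typ != fdoPackagingType {
			return nil, fmt.Errorf("unexpected note owner=%q type=%#x", owner, typ)
		}
		payload = sec[descOff:descEnd]
	}
	n := &PackageNote{}
	if err := json.Unmarshal(bytes.TrimRight(payload, "\x00"), n); err != nil {
		return nil, fmt.Errorf("payload is not JSON: %w", err)
	}
	return n, nil
}

func main() {
	fmt.Println(parsePackageNote([]byte(sampleSection), binary.LittleEndian))
}
```

The byte order is passed in because it has to come from the ELF header of the file being scanned; the dump above is from a little-endian aarch64 binary.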
