Firepit

Concurrency fixes: you should now be able to create separate storage objects per thread and `cache()` bundles concurrently.

- Make sure rename_view can overwrite an existing view
- query: fix handling of comparing lists to null
- Add missing ujson dependency
- github actions shenanigans

- PostgreSQL: switch from `BIGINT` to `NUMERIC` to handle unsigned 64-bit ints. We need to eventually do something smarter since lots of numeric fields (like `src_port` and `dst_port`) don't require anything more than `INTEGER`.
- Add optional batchsize keyword param to cache() for performance tuning

Fixes 17: CardinalityViolation: ON CONFLICT DO UPDATE command cannot affect row a second time

Multiple PostgreSQL fixes:
- IncompatibleType/DependentObjectsStillExist exception when redefining a viewname
- port values of 0 turned into NULL
- STIX patterning `NOT MATCHES` operator not working (always returns nothing)

- postgresql: create UNLOGGED tables for faster insertion. Since the data is presumably stored elsewhere (i.e. either the files you pass to `cache()` or the original systems you got your data from) this seems like a reasonable tradeoff.
- markroot: mark entire trees; i.e. when a process references a file and another process (i.e. it's parent), mark both the child process AND it's binary_ref file as "roots". This is useful when trying to reconstruct the original observations (via SQL LEFT OUTER JOIN - when joining the `observed-data` table to the SCO tables, add the condition `AND x_root IS NOT NULL`. This, combined with the DISTINCT clause, should be enough to prevent any "duplicate" rows resulting from the join.