MeterpreterOptions break-up and default extension loading removal

[dledda-r7]

This PR is related to #19975
In order to reduce the memory footprint of Meterpreter on target system is necessary to be sure only necessary code is loaded inside Meterpreter.

While working on standard api split, I noticed the presence of two extensions that were loaded without the user knowladge, priv and unhook.
This PR modifies the loading logic to use a datastore option AutoLoadExtension which contains a ';' separated list of extensions to load. At the moment inside lib/msf/base/sessions/meterpreter.rb is present a code block (commented) that keep the compability of the current working logic of Meterpreter.

Since the AutoLoadExtension logic depends on the platform, the break-up of meterpreter_option.rb to platform-specific option was necessary.

Tasks:

• meterpreter_options/common.rb
• meterpreter_options/linux.rb
• meterpreter_options/windows.rb
• meterpreter_options/android.rb
• meterpreter_options/osx.rb
• meterpreter_options/python.rb
• meterpreter_options/php.rb
• meterpreter_options/java.rb
• meterpreter_options/apple_ios.rb
• meterpreter_options/bsd.rb
• Remove meterpreter_options.rb

[dledda-r7]

Also blocked by #19799
because need of modify: tools/modules/meterpreter_reverse.erb

To future me: modify it to have the architecutre specific MeterpreterOptions

Let's resolve the conflicts once one of them is landed.

[adfoster-r7]

Might be worth a quick data-mine to see if splitting by , is more common as a pattern, as well as stripping whitespace etc, to handle stdapi, priv etc

Long-term: Maybe we should have an Opt for supporting a comma separated values for handling this consistently

[adfoster-r7]

Maybe we should have some begin/rescue/ensure block mechanisms here so that if an extension fails to load, the output can be safely re-enabled again

[adfoster-r7]

Suggested change

	include Msf::Sessions::MeterpreterOptions::<%= platform.split('_').each { |s| s.capitalize! }.join %>
	include Msf::Sessions::MeterpreterOptions::<%= platform.split('_').each { |s| s.casecmp?('osx') ? 'OSX' : s.capitalize! }.join %>

Or we can change lib/msf_autoload.rb - but I believe OSX is the existing convention to follow

[adfoster-r7]

Maybe we can keep this around in MSF 7 still; maybe we could just change the default behaviors in the upcoming malleable profile config file setup that we're wanting to ship so that these aren't loaded by default, and they need to be opt-in. That way we're being less detected by default, rather than fighting against these older default values

[msutovsky-r7]

I'm wondering whether this isn't maybe bit redundant in some cases:
payload/linux/x64/meterpreter_reverse_tcp has two advanced datastore options AutoLoadExtensions and AutoLoadStdapi, which basically do the same thing (?). The AutoLoadExtensions has stdapi as value and AutoLoadStdapi is set to true, so if I understand correctly, it does the same thing. Wouldn't it be better to either set AutoLoadStdapi to false by default or remove stdapi from AutoLoadExtensions for those payloads which have AutoLoadStdapi set to true?

[msutovsky-r7]

Suggested change