[Connectors] Fix valid_from date in some connectors + format files + correct relationships direction

[helene-nguyen]

Proposed changes

The valid_from and valid_until fields generated in Python within some connectors logic are not predictive, contrary to the expectations of OpenCTI platform's mechanisms. These fields, like IDs, must always be predictive. Otherwise, it is preferable to leave them empty, allowing the platform to populate them with its algorithms and rules.

Currently, using now for these fields when no data is provided disrupts the decay logic and other business processes implemented within OpenCTI. Moreover, this approach is redundant, as the platform already defaults to now when the fields are left empty.

• Remove now date from valid_from attributes and replace by original and immutable date OR remove the field

Other changes

• Fix format for Crowdsrtike IOC builder file
• Fix format for Proofpoint TAP
• Fix relationships: The relationship between observables and "threats" or "incidents" (threat actor, intrusion set, campaign, incident, etc.) should always be "Observable" => related-to => "Threat".

Related issues

• [Recorded Future] Invalid valid_from/valid_until logic affecting decay mechanisms on OpenCTI Platform #3245
• [Recorded Future] Connector is creating relationships in the wrong direction #3263

Checklist

• I consider the submitted work as finished
• I tested the code for its functionality using different use cases
• I added/update the relevant documentation (either on github or on notion)
• Where necessary I refactored code to improve the overall quality

Further comments

[Powlinett]

Looks good to me 👍