Defer MITRE ATT&CK data imports in analyze.py to avoid network fetch on CLI startup

[Copilot]

sigma/cli/analyze.py imports mitre_attack_techniques_tactics_mapping and mitre_attack_version at module level. Since main.py unconditionally imports analyze_group from this module, every CLI invocation triggers a MITRE ATT&CK data download — including sigma pysigma update-cache --url mitre_attack:"./enterprise-attack.json", which is specifically intended to load from a local file on offline systems.

• Move the two sigma.data.mitre_attack imports from module scope into analyze_attack(), where they're actually used

# Before: module-level import triggers download on every CLI command
from sigma.data.mitre_attack import (
    mitre_attack_techniques_tactics_mapping,
    mitre_attack_version,
)

# After: deferred to function scope, only loads when `sigma analyze attack` runs
def analyze_attack(...):
    ...
    from sigma.data.mitre_attack import (
        mitre_attack_techniques_tactics_mapping,
        mitre_attack_version,
    )

This is consistent with how pysigma.py already handles the same imports via get_cache_datasets().