
GhidraPython: add type application, interface struct annotation, Go primitive types, and source comments #94

Open
Krish-Anand-dev wants to merge 2 commits into mandiant:master from Krish-Anand-dev:improve-readme-analysis

Conversation

@Krish-Anand-dev

Description

This PR improves GhidraPython/goresym_rename.py by closing the feature gap
between the Ghidra script and the IDA plugin. It also adds a new section to
the README documenting how to interpret GoReSym output during malware analysis.

All existing behaviour is fully preserved — new code runs after the original
labeling block, so a failure in any new function cannot prevent core renaming
from completing.


Changes

GhidraPython/goresym_rename.py

Four additive improvements, no existing logic removed or modified:

1. register_go_primitives(dtm)
Registers GoString, GoSlice, and GoIface as proper Ghidra
StructureDataType objects under a /Go category in the data type manager.
IDA's script did this via idc_parse_types(). Ghidra had no equivalent —
without these base types, any recovered struct referencing a string or slice
field has nothing to resolve against.

2. apply_types(types, dtm)
Parses the CReconstructed C-like struct definitions from GoReSym's JSON output,
builds a StructureDataType per type, and applies it at the type's virtual address
via listing.createData().
This is the single largest gap compared to IDA's script, which called
idc_parse_types() + apply_tinfo() per type. Analysts now see named fields
in the decompiler view instead of raw bytes.

3. apply_interfaces(interfaces, dtm)
The original script passed interfaces to annotate(), which only created a label.
IDA's script additionally cleared the item and applied abi_Type tinfo.
This change mirrors that behaviour by applying the GoIface struct layout at each
interface VA, making tab/data pointer fields visible in the listing.

4. annotate_func_source(user_funcs, offset)
Writes // Source: file.go:42 as a PRE_COMMENT on each user function's entry
point, using the FileName and LineNumber fields GoReSym already recovers when
-p is used.
Neither the original Ghidra script nor IDA's script did this. Analysts can now
see the original source file location directly in the disassembly listing without
cross-referencing the JSON separately.


README.md

Added a new section "Interpreting GoReSym Output (for Reverse Engineering)"
that documents the key output fields (UserFunctions, Strings, Types,
Files & Line Information) and a practical 5-step triage workflow for analysts
working on Go-based malware. This addresses a gap in the existing docs — the
README explained how to run the tool but not how to use the output.


Testing

  • Tested against a stripped Go 1.21 ELF binary in Ghidra 10.3 (Jython)
  • Verified that register_go_primitives correctly populates the /Go category
    in the Data Type Manager
  • Verified that apply_types creates named struct fields at type VAs
  • Verified that apply_interfaces applies GoIface layout at interface addresses
  • Verified that source comments appear as PRE_COMMENTs in the listing view
  • Verified that all original renaming behaviour is unchanged when new fields
    (Types, Interfaces, FileName) are absent from the JSON
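The following is an added example, not code from this PR, from GoReSym or from Ghidra. It shows in plain CPython the two decoding steps the description relies on: turning a CReconstructed struct definition into a field layout that GoString/GoSlice base types can resolve against (items 1 and 2), and building the "// Source: file.go:42" comments from FileName/LineNumber while skipping functions that lack them (item 4). Only Types, Interfaces, UserFunctions, CReconstructed, FileName and LineNumber are taken from the PR text; the Start, VA and Str keys, the exact CReconstructed syntax, the 64-bit sizes and the meaning of offset as a rebase delta are assumptions. The Ghidra calls (StructureDataType, listing.createData, PRE_COMMENT) are left out so the code runs without Ghidra; the returned dicts are what those calls would be fed.

```python
import json
import re

# Constructed sample in the shape of GoReSym's JSON. Keys other than those
# named in the PR (Start, FullName, VA, Str) and the CReconstructed syntax
# are assumptions made for this example.
SAMPLE_JSON = """
{
  "UserFunctions": [
    {"Start": 4198400, "FullName": "main.main",
     "FileName": "/src/app/main.go", "LineNumber": 42},
    {"Start": 4198656, "FullName": "main.helper"},
    {"Start": 4198912, "FullName": "main.init",
     "FileName": "/src/app/init.go", "LineNumber": 0}
  ],
  "Types": [
    {"VA": 4800512, "Str": "main.Config",
     "CReconstructed": "struct main_Config { string Host; int64 Port; []byte Key; bool Debug; uint8 *Buf; }"}
  ],
  "Interfaces": [
    {"VA": 4800768, "Str": "error"}
  ]
}
"""

# The three base types the PR registers under /Go, with 64-bit sizes (assumed).
GO_STRING = ("GoString", 16)  # struct { uint8 *ptr; int64 len; }
GO_SLICE = ("GoSlice", 24)    # struct { uint8 *ptr; int64 len; int64 cap; }
GO_IFACE = ("GoIface", 16)    # struct { void *tab; void *data; }
SCALAR_SIZES = {"int64": 8, "uint64": 8, "int32": 4, "uint32": 4,
                "int16": 2, "uint16": 2, "int8": 1, "uint8": 1, "bool": 1}

STRUCT_RE = re.compile(r"\s*struct\s+(\w+)\s*\{(.*)\}\s*;?\s*$", re.S)
FIELD_RE = re.compile(r"(\S+)\s+(\*?\w+)\s*;")


def parse_c_struct(text):
    """Parse one CReconstructed definition into (name, [(field, type, size)]).
    Go 'string' and '[]T' fields resolve to GoString/GoSlice; unknown
    non-pointer types are kept 8 bytes wide so later offsets stay correct."""
    m = STRUCT_RE.match(text)
    if not m:
        raise ValueError("unrecognised CReconstructed text: %r" % text[:40])
    fields = []
    for ftype, fname in FIELD_RE.findall(m.group(2)):
        if fname.startswith("*"):
            fname, tname, size = fname[1:], ftype + " *", 8
        elif ftype == "string":
            tname, size = GO_STRING
        elif ftype.startswith("[]"):
            tname, size = GO_SLICE
        elif ftype in SCALAR_SIZES:
            tname, size = ftype, SCALAR_SIZES[ftype]
        else:
            tname, size = "undefined8", 8
        fields.append((fname, tname, size))
    return m.group(1), fields


def layout(fields):
    """Assign offsets with natural alignment (assumed 64-bit target) and
    pad the total to the largest field alignment, as Go's compiler does."""
    off, max_align, placed = 0, 1, []
    for fname, tname, size in fields:
        align = min(size, 8)
        max_align = max(max_align, align)
        off = (off + align - 1) // align * align
        placed.append({"name": fname, "type": tname, "offset": off, "size": size})
        off += size
    return placed, (off + max_align - 1) // max_align * max_align


def source_comments(user_funcs, offset=0):
    """Map entry VA -> '// Source: file:line'. 'offset' is assumed to be a
    rebase delta. Functions without FileName/LineNumber (GoReSym run without
    -p) are skipped instead of receiving a misleading comment."""
    comments = {}
    for fn in user_funcs:
        fname, line = fn.get("FileName"), fn.get("LineNumber")
        if not fname or not line:
            continue
        comments[fn["Start"] + offset] = "// Source: %s:%d" % (fname, line)
    return comments


def analyze(json_text, offset=0):
    """Decode GoReSym JSON into the artefacts the Ghidra script would apply."""
    doc = json.loads(json_text)
    structs = {}
    for t in doc.get("Types", []):
        if not t.get("CReconstructed"):
            continue  # nothing to apply for this type; do not abort the run
        name, fields = parse_c_struct(t["CReconstructed"])
        placed, size = layout(fields)
        structs[name] = {"va": t["VA"], "fields": placed, "size": size}
    ifaces = {i["VA"]: GO_IFACE[0] for i in doc.get("Interfaces", [])}
    return {"structs": structs, "interfaces": ifaces,
            "comments": source_comments(doc.get("UserFunctions", []), offset)}


if __name__ == "__main__":
    for name, s in analyze(SAMPLE_JSON, offset=0x1000)["structs"].items():
        print("%s (%d bytes)" % (name, s["size"]))
        for f in s["fields"]:
            print("  +0x%02x %-10s %s" % (f["offset"], f["type"], f["name"]))
```

The skip-on-missing-field checks in source_comments and analyze are the part worth keeping in mind when reviewing the real script: the description promises that renaming still completes when Types, Interfaces or FileName are absent, and that only holds if every new function tolerates a missing key rather than raising.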

@google-cla

google-cla bot commented Mar 31, 2026

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.
