feat(heuristics): add SimilarProjectAnalyzer to detect structural similarity across packages from same maintainer

[AmineRaouane]

Summary

This PR adds a new heuristic analyzer called SimilarProjectAnalyzer. It checks whether a PyPI package has a similar file/folder structure to other packages maintained by the same user. This helps in identifying potentially malicious packages that replicate existing structures.

Description of changes

• Created a new analyzer: SimilarProjectAnalyzer.
• The analyzer fetches the list of maintainers of the target package and retrieves other packages published by those maintainers.
• For each package, it computes a normalized structure hash from its sdist tarball and compares it to the structure hash of the target package.
• If any match is found, the heuristic fails, flagging potential structural duplication.
• Added this analyzer to the heuristics.py registry.
• Modified detect_malicious_metadata_check.py to include and utilize the new heuristic.
• Added test cases to validate the functionality and edge cases of the analyzer.

Related issues

None

• I have reviewed the contribution guide.
• My PR title and commits follow the Conventional Commits convention.
• My commits include the "Signed-off-by" line.
• I have signed my commits following the instructions provided by GitHub. Note that we run GitHub's commit verification tool to check the commit signatures. A green verified label should appear next to all of your commits on GitHub.
• I have updated the relevant documentation, if applicable.
• I have tested my changes and verified they work as expected.