NTFS streams solution for NOB_EXPERIMENTAL_DELETE_OLD on Windows

[EdoardoFigini]

Yet another potential solution for NOB_EXPERIMENTAL_DELETE_OLD on Windows.

Changes:

• added stream renaming in nob_delete_file before DeleteFileA call.

Deleting the running executable on Windows is not possible, since the Image of the running process is mapped in memory from nob.exe.old and a reference to the file is kept.
If we simply rename the file on disk the process will reference the newly named file, making it impossible to delete.

A trick that can be used to delete nob.exe.old is to take advantage of NTFS streams.
In essence we can rename the standard data stream nob.exe.old:$DATA to nob.exe.old:del, making the process reference the newly created data stream for its Image.
At this point nob.exe.old is no longer referenced in the memory of the process, making it possible to be marked for deletion.

In NTFS deleting a file will also remove all data streams that belong to it.
Deleting nob.exe.old will succeed since the process keeps a reference to the :del data stream and the :del stream will vanish because it belonged to nob.exe.old.

This will leave no trace on the disk of any executable.

Here's what the Memory looks like inside Process Hacker 2 after succesfully deleting nob.exe.old:

This is a partial solution to #111 since it requires the current Volume to support NTFS.

PS: I left a long comment in the code with roughly the same stuff explained here to (hopefully) make it less of a pain to review.
I think it should be removed after reviewing since it bloats the file.