Update scan_pdf.py

[Derekt2]

Describe the change
This adds a regex to check for phone numbers in PDFs (in various nonstandard formats as used by Adversaries) and stores the phone numbers found in the Strelka output.
Adversaries may be using these techniques such as "Callback RAT" where a victim is instructed to call a phone number in a PDF: https://www.crowdstrike.com/blog/callback-malware-campaigns-impersonate-crowdstrike-and-other-cybersecurity-companies/

Describe testing procedures
Tested using emails with pdf attachments with phone numbers inside, and pdfs directly. Sample for testing: f16fbe567a72ebea8cea6faa5cea5d59 or use samples at https://www.virustotal.com/gui/search/content%253A%2522(864)%2520613-9654%2522/files

Sample output
new output = scan_pdf.phones, array of strings/text.

Checklist

• [ x] My code follows the style guidelines of this project
• [x ] I have performed a self-review of and tested my code
• [x ] I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• [ x] My changes generate no new warnings

[phutelmyer]

Tested. LGTM.

Additional output sample:

    "pdf": {
      "creation_date": "2019-05-21 04:24:01+08:00",
      "creator": "Adobe InDesign CC 13.1 (Windows)",
      "dirty": false,
      "elapsed": 0.079349,
      "embedded_files": {
        "count": 0
      },
      "encrypted": false,
      "flags": [
        "image_parsing_failure"
      ],
      "format": "PDF 1.4",
      "images": 1,
      "language": "en",
      "lines": 330,
      "modify_date": "2019-05-21 04:24:05+08:00",
      "needs_pass": false,
      "objects": {
        "mediabox": 5,
        "xobject": 6
      },
      "old_xrefs": true,
      "pages": 5,
      "phones": [
        "4083216300"
      ],
      "producer": "Adobe PDF Library 15.0",
      "repaired": false,
      "words": 2214,
      "xrefs": 358
    },