fix weird attack data links

[pyth0n1c]

These are a number of minor issues with attack_data links that should be fixed.
First, some of them refer to RAW, non-log files, such as .txt files. Those files
should be converted to LOG files so that they are available in gitlfs.

Second, some of the files use a slightly different path, such as a path
that includes /refs/, when they should not.

This is true for a handful of production detections as well as non-production detections,
such as experimental content.

However, even if something is experimental or deprecated, if it has an attack_data link, that link
should be validated to be correct. Right now, those are missed because that validation only happens
for tested content at contentctl test runtime.

When possible, we will move this validation to contentctl validate time when a local copy of the
attack_data repo is present.

[pyth0n1c]

I cannot find a fitting file for this in the current git repo or the git history. At one point this detection pointed at the following file, which does exist, but it is not correct. The name of the Analytic Story the search references, Active Directory Privilege Escalation, does not appear in ANY raw content in the attack_data repo (including old history, as far as I can tell).
https://github.com/splunk/security_content/blame/62e859ba7b7407a9418d9b64f1869f579ffe8dd4/detections/endpoint/active_directory_privilege_escalation_identified.yml#L56

Since test data is optional for correlation searches, this test data has been removed.