Improve Python detection, particularly around setuptools

[tstromberg]

Our Python rules didn't reliably match the use of "setuptools"; often we'll use the fact that the script is a library installer to up the suspicion level.

This does add a private rule that we copy around to a couple of files. The lack of re-use isn't great, and neither is the private rule behavior. The use of a private rule means we're unable to see or extract the strings related to it and present it to the user.