
Refactor the `risk` property of `detection_abstract` to handle observable/risk/threat mappings more transparently

Open · cmcginley-splunk opened this issue 1 year ago · 1 comment

  • The mappings between risk types and observable types/roles are complicated, confusing, and prone to logical errors and edge cases
  • We should refactor it to be a transparent mapping between observable types (as in SES_OBSERVABLE_TYPE_MAPPING) and risk/threat types
  • For example, we have users as Attackers in many detections
    • Currently, these get mapped to risks instead of threats unintentionally
    • Lou's PR (#234) will address this, but even then, the user threat object will get the type `other` instead of `user`

cmcginley-splunk · Aug 20 '24 06:08

E.g. streamline to use a similar `TYPE_MAP` as seen in `risk_event.py`

cmcginley-splunk · Aug 20 '24 08:08
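As an added example, not contentctl's code and not written by the issue author, here is the shape of the transparent mapping both comments above ask for: the observable's role alone decides whether it becomes a risk or a threat object, and a per-kind type table then decides the object's type, so a `User` in the `Attacker` role comes out as a threat object of type `user`. The `Role` enum, the observable type vocabulary, both type tables and the `legacy_map` stand-in for the current behaviour are assumptions modelled on Splunk ES-style risk/threat objects; `SES_OBSERVABLE_TYPE_MAPPING`, `TYPE_MAP` and `risk_event.py` are the issue's own names and appear here only in comments.

```python
"""Illustrative observable -> risk/threat object mapping (added example).

This is not contentctl's code. Observable types, roles and the output type
vocabularies below are assumptions modelled on Splunk ES-style risk objects
(user/system/other) and threat objects; the project's actual
SES_OBSERVABLE_TYPE_MAPPING and the TYPE_MAP in risk_event.py may differ.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Role(str, Enum):
    VICTIM = "Victim"
    ATTACKER = "Attacker"
    PARENT_PROCESS = "Parent Process"  # assumed: a role that yields neither object


# Assumed observable type vocabulary (stand-in for the keys of SES_OBSERVABLE_TYPE_MAPPING).
OBSERVABLE_TYPES = {"User", "Hostname", "IP Address", "Process", "File Hash", "URL String"}

# Step 1: the role alone decides whether an observable is a risk or a threat object.
ROLE_TO_KIND: Dict[Role, str] = {Role.VICTIM: "risk", Role.ATTACKER: "threat"}

# Step 2: the observable type decides the object's type, with one table per kind.
RISK_TYPE_MAP: Dict[str, str] = {
    "User": "user",
    "Hostname": "system",
    "IP Address": "system",
    "Process": "other",
    "File Hash": "other",
    "URL String": "other",
}
THREAT_TYPE_MAP: Dict[str, str] = {
    "User": "user",            # a User attacker keeps "user" instead of falling back to "other"
    "Hostname": "hostname",
    "IP Address": "ip_address",
    "Process": "process",
    "File Hash": "file_hash",
    "URL String": "url",
}


@dataclass(frozen=True)
class Observable:
    name: str   # result field holding the value, e.g. "user" or "dest"
    type: str   # one of OBSERVABLE_TYPES
    role: Role


def validate_maps() -> List[str]:
    """Return observable types missing from either table, so a gap fails at load
    time instead of silently producing a wrong or 'other' type."""
    return sorted(
        t for t in OBSERVABLE_TYPES
        if t not in RISK_TYPE_MAP or t not in THREAT_TYPE_MAP
    )


def map_observable(obs: Observable) -> Optional[Tuple[str, str]]:
    """Return (kind, object_type), or None when the role produces no object."""
    kind = ROLE_TO_KIND.get(obs.role)
    if kind is None:
        return None
    table = RISK_TYPE_MAP if kind == "risk" else THREAT_TYPE_MAP
    if obs.type not in table:
        raise ValueError(f"no {kind} object type for observable type {obs.type!r}")
    return kind, table[obs.type]


def legacy_map(obs: Observable) -> Tuple[str, str]:
    """Constructed stand-in for the type-driven behaviour the issue describes:
    any User becomes a risk object regardless of role, everything else a threat
    object typed 'other'. Present only to contrast with map_observable."""
    if obs.type == "User":
        return "risk", "user"
    return "threat", "other"


def build_objects(observables: List[Observable]) -> Dict[str, List[Tuple[str, str]]]:
    """Split a detection's observables into risk_objects and threat_objects."""
    out: Dict[str, List[Tuple[str, str]]] = {"risk_objects": [], "threat_objects": []}
    for obs in observables:
        mapped = map_observable(obs)
        if mapped is not None:
            kind, obj_type = mapped
            out[f"{kind}_objects"].append((obs.name, obj_type))
    return out


if __name__ == "__main__":
    assert validate_maps() == []
    # Constructed sample: a user acting as the attacker against a host.
    sample = [
        Observable("user", "User", Role.ATTACKER),
        Observable("dest", "Hostname", Role.VICTIM),
        Observable("parent_process_name", "Process", Role.PARENT_PROCESS),
    ]
    print(build_objects(sample))
```

Because the role lookup and the two type tables are plain dictionaries, the whole policy is visible in one place and `validate_maps()` can be run in a unit test so that adding a new observable type without a matching risk and threat entry fails immediately rather than surfacing as a mistyped object in production.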