ascanrules: Tiddy up ExternalRedirectScanRule

- CHANGELOG > Add maintenance note.
- ExternalRedirectScanRule > Use an enum for payloads & types. Extract a
method for payload counts per Stength. Remove unnecessary comments.
- ExternalRedirectScanRuleUnitTest > Remove unnecessary assignments. Use
isEmpty vs length greater than zero.

Signed-off-by: kingthorin <[email protected]>

Author: kingthorin

addOns/ascanrules/CHANGELOG.md

@@ -5,7 +5,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
 ## Unreleased
 ### Changed
-- Maintenance changes.
 - Depends on an updated version of the Common Library add-on.
 - The following scan rules and their alerts have been renamed to clarify that they're time based (Issue 7341).
     - SQL Injection - Oracle
@@ -17,6 +16,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - The Remote OS Command Injection scan rule has been broken into two rules; one feedback based, and one time based (Issue 7341). This includes assigning the time based rule ID 90037.
 - For Alerts raised by the SQL Injection scan rules the Attack field values are now simply the payload, not an assembled description.
 - Maintenance changes.
+- The External Redirect scan rule payload were slightly re-ordered to prioritize HTTPS variants.
 
 ### Added
 - Rules (as applicable) have been tagged in relation to HIPAA and PCI DSS.