@kfallahi

This PR adds an atomic test that demonstrates NTDS Dumping via raw NTFS extraction using UnderlayCopy.
UnderlayCopy extracts protected/locked system artifacts (SAM, SYSTEM, NTDS) by parsing $MFT and/or mapping clusters via filesystem metadata. This atomic helps validate detections for raw-volume and MFT-based acquisition techniques.

  • Atomic: Copy NTDS in low level NTFS acquisition (MFT and fsutil method)

  • ATT&CK mapping: T1003.003

  • Executor: powershell

  • References: https://github.com/kfallahi/UnderlayCopy

  • I can add additional atomics for SAM and SYSTEM (mapped to T1003.002) if maintainers prefer.
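The PR description above frames the atomic as a way to validate detections for raw-volume and MFT-based acquisition. The following is an added example of what that validation might look like on the defender's side; it is not part of the PR and not code from the UnderlayCopy project. It runs a small rule set over constructed Sysmon-style events (Event ID 9 RawAccessRead, Event ID 1 ProcessCreate, Event ID 11 FileCreate) and flags the three signals a raw NTFS copy of NTDS/SAM/SYSTEM tends to leave: a non-backup process opening a volume device for raw reads, a command line referencing $MFT or ntds.dit, and a protected file name appearing outside its expected directory. The allow-list, the sample events and the process names in them are assumptions made for the example.

```python
"""Toy detection pass for raw NTFS acquisition of protected system files.

All events below are constructed, not real telemetry. Field names follow
Sysmon's conventions: Event ID 9 is RawAccessRead (a process opened a volume
via a \\.\ device name), Event ID 1 is ProcessCreate, Event ID 11 is FileCreate.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# File names that should only ever exist under their canonical directories.
PROTECTED_NAMES = {"ntds.dit", "sam", "system"}
EXPECTED_DIRS = ("\\windows\\ntds\\", "\\windows\\system32\\config\\")

# Assumed allow-list: backup components that legitimately read raw volumes.
RAW_READ_ALLOWLIST = {"c:\\windows\\system32\\vssvc.exe"}

# Matches volume devices such as \\.\C: (but not arbitrary \\.\ device names).
RAW_DEVICE = re.compile(r"^\\\\\.\\[a-z]:$", re.IGNORECASE)
# Command-line indicators of MFT parsing or direct NTDS references.
MFT_OR_NTDS_CMD = re.compile(r"\$mft|ntds\.dit", re.IGNORECASE)


@dataclass
class Alert:
    rule: str
    image: str
    detail: str


def check_event(ev: dict) -> Optional[Alert]:
    """Return an Alert if the single event matches one of the three rules."""
    eid = ev.get("EventID")
    image = ev.get("Image", "").lower()
    if eid == 9:
        device = ev.get("Device", "")
        if RAW_DEVICE.match(device) and image not in RAW_READ_ALLOWLIST:
            return Alert("raw_volume_read", image, device)
    elif eid == 1:
        cmd = ev.get("CommandLine", "")
        if MFT_OR_NTDS_CMD.search(cmd):
            return Alert("mft_or_ntds_reference", image, cmd)
    elif eid == 11:
        target = ev.get("TargetFilename", "").lower()
        name = target.rsplit("\\", 1)[-1]
        if name in PROTECTED_NAMES and not any(d in target for d in EXPECTED_DIRS):
            return Alert("protected_artifact_copy", image, target)
    return None


def scan(events: List[dict]) -> List[Alert]:
    """Run check_event over a list of events and collect the alerts."""
    return [a for a in (check_event(e) for e in events) if a is not None]


# Constructed sample telemetry: two benign events, three suspicious ones.
PS = "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": "C:\\Windows\\System32\\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs"},
    {"EventID": 9, "Image": "C:\\Windows\\System32\\vssvc.exe", "Device": "\\\\.\\C:"},
    {"EventID": 1, "Image": PS,
     "CommandLine": "powershell.exe -Command \"<constructed: parse $MFT, copy ntds.dit>\""},
    {"EventID": 9, "Image": PS, "Device": "\\\\.\\C:"},
    {"EventID": 11, "Image": PS, "TargetFilename": "C:\\Users\\Public\\ntds.dit"},
    {"EventID": 11, "Image": "C:\\Windows\\System32\\lsass.exe",
     "TargetFilename": "C:\\Windows\\NTDS\\ntds.dit"},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"{alert.rule:24} {alert.image}  {alert.detail}")
```

Running the module prints three alerts: the PowerShell command line referencing $MFT and ntds.dit, the raw read of \\.\C: by that PowerShell process, and the ntds.dit copy landing under C:\Users\Public. The vssvc.exe raw read is suppressed by the allow-list and the lsass.exe write inside C:\Windows\NTDS is ignored, which is the kind of true-negative coverage a screenshot of Invoke-AtomicTest alone would not show.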

@patel-bhavin
Collaborator

patel-bhavin commented Nov 5, 2025

Thank you for this PR @kfallahi. Can you please add screenshots of the execution and cleanup of this atomic via Invoke? That will be of huge help for review.

Also, no need to add the .md files next time; these are automatically generated from the yaml files.

4 participants