Feature Request: Make Alerts a first class object

[scudette]

Currently alerts can be created in VQL using watch_monitoring() to watch for events from clients and server. This work but it is very cumbersome and requires a lot of custom VQL to make it work smoothly.

There are some differences between client event monitoring and alerts:

1. Client monitoring applies to each client separately - this means we have to search for client, select client events screen and then select one of the client event queries to see them. An alert should be easily seen regardless of which client it came from.
2. Alerts are usually quite low volume compared to client events - for example process execution events are expected to be large in number but an alert is immediately actionable and should be much rarer.

We should have alerts as a built in concept in Velociraptor. This means:

1. Client artifacts should be able to explicitly sent an alert to the server - including important details from VQL.
2. Alerts sholuld be easily linked to the client and event stream it came from - so the user can drill down quickly.
3. The GUI should have an alert viewing screen.
4. Alerts should be easily routed to escalation paths like slack notifications, emails etc.

[scudette]

This started to take shape in #2631