Add documentation for undocumented output options (#1056)

Signed-off-by: grantseltzer <grantseltzer@gmail.com>

docs/tracee-ebpf/output.md

@@ -10,10 +10,13 @@ CLI Option | Description
 `none` | ignore stream of events output, usually used with `--capture`
 `out-file:/path/to/file` | write the output to a specified file. the path to the file will be created if not existing and the file will be deleted if existing (default: stdout)
 `err-file:/path/to/file` | write the errors to a specified file. the path to the file will be created if not existing and the file will be deleted if existing (default: stderr)
-`option:{stack-addresses,detect-syscall,exec-env}` | augment output according to given options (default: none)
+`option:{stack-addresses,detect-syscall,exec-env,exec-info,relative-time}` | augment output according to given options (default: none)
   stack-addresses | include stack memory addresses for each event
   detect-syscall | when tracing kernel functions which are not syscalls, detect and show the original syscall that called that function
   exec-env | when tracing execve/execveat, show the environment variables that were used for execution
+exec-info | when tracing sched_process_exec, show the file hash(sha256) and ctime
+relative-time | use relative timestamp instead of wall timestamp for events
+
 
 (Use this flag multiple times to choose multiple capture options)