remove help command, create flags markdown docs

[geyslan]

Close #3299

1. Explain what the PR does

5bac134 fix(flags)!: del help cmd, add md files for flags _{(2023/jul/13) Geyslan Gregório <geyslan@gmail.com>}

This removes the default cobra help command, leaving only the root
--help flag.

The remaining - in code - help flags strings are only used by the old
tracee-ebpf command.

With this, new binary flags help are inaccessible. To circumvent this,
the help flags are now documented in markdown files (not included to
online docs) to be used as source for man pages generation (next step).

BREAKING CHANGE: help command is gone, use --help flag instead.

2. Explain how to test it

Help flag

sudo ./dist/tracee --help

Tracee uses eBPF technology to tap into your system and give you
access to hundreds of events that help you understand how your system behaves.

Usage:
  tracee [flags]
  tracee [command]

Available Commands:
  analyze     Analyze past events with signature events [Experimental]
  completion  Generate the autocompletion script for the specified shell
  list        List traceable events
  list-caps   List available capabilities
  version     Print the version number of Tracee

Flags:
  -s, --scope stringArray            [uid|comm|container...]            Select workloads to trace by defining filter expressions
  -e, --events stringArray           [name|name.args.pathname...]       Select events to trace and event filters
  -p, --policy stringArray           [file|dir]                         Path to a policy or directory with policies
  -o, --output stringArray           [json|none|webhook...]             Control how and where output is printed (default [table])
  -c, --capture stringArray          [write|exec|network...]            Capture artifacts that were written, executed or found to be suspicious
      --config string                <file>                             Global config file (yaml, json between others - see documentation)
      --containers                                                      Enable container info enrichment to events. This feature is experimental and may cause unexpected behavior in the pipeline
      --crs stringArray              <runtime:socket>                   Define connected container runtimes
      --signatures-dir stringArray   <dir>                              Directories where to search for signatures in CEL (.yaml), OPA (.rego), and Go plugin (.so) formats
      --rego stringArray             [partial-eval|aio]                 Control event rego settings
  -b, --perf-buffer-size int         <size>                             Size, in pages, of the internal perf ring buffer used to submit events from the kernel (default 1024)
      --blob-perf-buffer-size int    <size>                             Size, in pages, of the internal perf ring buffer used to send blobs from the kernel (default 1024)
  -a, --cache stringArray            [type|mem-cache-size]              Control event caching queues (default [none])
      --metrics                                                         Enable metrics endpoint
      --healthz                                                         Enable healthz endpoint
      --pprof                                                           Enable pprof endpoints
      --pyroscope                                                       Enable pyroscope agent
      --listen-addr string           <url:port>                         Listening address of the metrics endpoint server (default ":3366")
  -C, --capabilities stringArray     [bypass|add|drop]                  Define capabilities for tracee to run with
      --install-path string          <dir>                              Path where tracee will install or lookup it's resources (default "/tmp/tracee")
  -l, --log stringArray              [debug|info|warn...]               Logger options (default [info])
  -h, --help                         help for tracee

Additional help topics:
  tracee            

Use "tracee [command] --help" for more information about a command.

Help command (removed)

sudo ./dist/tracee help

Error: unknown command "help" for "tracee"

3. Other comments

[geyslan]

When this is merged, open an issue to generate man pages for flags using the introduced markdown files.

[josedonizetti]

@geyslan Not sure I understand why we added list-caps? Also, is the idea to merge into this release, and the man page would only be provided in the upcoming release?

[geyslan]

@geyslan Not sure I understand why we added list-caps? Also, is the idea to merge into this release, and the man page would only be provided in the upcoming release?

The main branch help capabilities generates the help with a list of available capabilities, as we're removing them (placing in markdowns), we need to provide similar functionality, so after discussion we've decided to make it a flag for the already existent list command list --caps. I'll updated it soon. 👍🏼

[geyslan]

@geyslan Not sure I understand why we added list-caps? Also, is the idea to merge into this release, and the man page would only be provided in the upcoming release?

The main branch help capabilities generates the help with a list of available capabilities, as we're removing them (placing in markdowns), we need to provide similar functionality, so after discussion we've decided to make it a flag for the already existent list command list --caps. I'll updated it soon. 👍🏼

We've discussed this offline and decided to remove the available capabilities output for now while we don't set a system/debug option to centralise system information fetching.