Use Go templates for stdout

[simar7]

This PR adds the following:

• --output flag to tracee-rules, which enables to BYOT (bring your own template) for stdout.
• Use wall time as part of event detection capture.
• Ability to use Signature Metadata fields inside of custom templates.
• If no custom template is specified for --output, tracee-rules uses a default predefined template.

Fixes: #612, #611 and #614

Signed-off-by: Simarpreet Singh simar@linux.com

[itaysk]

@simar7 what do you think on changing Finding type to include the SignatureMetadata instead of the Signature interface? @yanivagman also curios what you think

[yanivagman]

Signature interface has GetMetadata() method - why not using it when needed?

[itaysk]

Yaniv and I discussed this offline, we should replace signature field with signaturemetadata in the finding. This will simplify many cases without sacrificing much.

[simar7]

Should we do that as part of this PR? I'm happy to do it just feel it's unrelated to this PR as modifying an existing interface requires all users of it (example signatures in this case) to be changed as well.

[itaysk]

whatever you prefer

[simar7]

I'll draft a new PR

[simar7]

#646

[simar7]

NB: I'm still keeping this in because to my knowledge there's no way to inject a custom time interface into sprig which makes it untestable for our most common case of template (simple and verbose) where we need the current time.

[itaysk]

why do we need to test it specifically? if we want to test that the templating engine works, can we craft a simpler template for the test?

[simar7]

Yes fair point. I wanted to test the default output (without any templates, which includes a timestamp). I found a another way to do it bf6a78f and cleaned this up.

[itaysk]

LGTM, although I do prefer to remove the timenow function before merging if you agree with my comment