[Osquerybeat] Add support for marshalling embedded structs

[brian-mckinney]

Proposed commit message

Updates osquery encoding to support marshalling structs with embedded fields. This is going to be needed for jumplists, but can be useful elsewhere as well

Example

type Meta struct {
    ID        string `osquery:"id"`
    CreatedAt time.Time `osquery:"created_at" format:"unix"`
}

type User struct {
    Meta
    Name string `osquery:"name"`
}

user := User{
Meta: Meta{
	ID:        "123",
	CreatedAt: time.Now().UTC(),
    },
    Name: "John Doe",
}
result, _ := MarshalToMapWithFlags(&user, 0)
// result: map[created_at:1763670897 id:123 name:John Doe]

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works. Where relevant, I have used the stresstest.sh script to run them under stress conditions and race detector to verify their stability.
• I have added an entry in ./changelog/fragments using the changelog tool.

Disruptive User Impact

Author's Checklist

• [ ]

How to test this PR locally

Related issues

Use cases

Screenshots

Logs

[botelastic]

This pull request doesn't have a Team:<team> label.

[github-actions]

🤖 GitHub comments

Just comment with:

• run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)

[mergify]

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @brian-mckinney? 🙏.
For such, you'll need to label your PR with:

• The upcoming major version of the Elastic Stack
• The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-8./d is the label to automatically backport to the 8./d branch. /d is the digit
• backport-active-all is the label that automatically backports to all active branches.
• backport-active-8 is the label that automatically backports to all active minor branches for the 8 major.
• backport-active-9 is the label that automatically backports to all active minor branches for the 9 major.