Added an event for default stable rule Detect release_agent File Container Escapes

[GLVSKiriti]

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind documentation

/kind tests

/kind feature

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area commands

/area pkg

/area events

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #193

Special notes for your reviewer:

[poiana]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: GLVSKiriti
Once this PR has been reviewed and has the lgtm label, please assign fededp for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[GLVSKiriti]

@FedeDP @leogr container with cap_sys_admin capability is required to run this event and user.uid=0 or CAP_DAC_OVERRIDE capability is required as mentioned in the stable rule

And below is the screenshot shows rule is triggering fine on executing echo "hello world" > release_agent

[GLVSKiriti]

For reference followed the steps mentioned in this blog https://sysdig.com/blog/container-escape-capabilities-falco-detection/

[leogr]

cc @Andreagit97 @LucaGuerra