Add exceptions fields/comps/values to rules files
Take advantage of the changes to support exceptions and refactor rules
to use them whenever feasible:

- Define exceptions for every rule. In cases where no practical
  exception exists e.g. "K8s <obj> Created/Deleted", define an empty
  exception property just to avoid warnings when loading rules.
- Go through all rules and convert macros-used-as-exceptions that
  matched against 2-3 filter fields into exceptions. In most cases,
  switching from equality (e.g. proc.name=nginx) to in (e.g. proc.name
  in (nginx)) allowed for better groupings into a smaller set of
  exception items.
- In cases where the exception had complex combinations of fields, keep
  the macro as is.
mstemm committed Oct 15, 2020
1 parent f4297d0 commit 1d9a862
Showing 2 changed files with 542 additions and 254 deletions.
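
The conversion the commit message describes, as an added illustration that is not taken from this commit's diff: a hypothetical rule written first with a macro used as an exception, then with an `exceptions` property that groups process names with `in`. The rule, the macro and all values are constructed; the `name`, `fields`, `comps` and `values` keys follow Falco's rule exceptions format.

```yaml
# Variant 1 (before): a macro used as an exception.
# Every allowed (process, directory) pair is its own equality test.
- macro: example_known_etc_writers            # hypothetical macro
  condition: >
    ((proc.name=nginx and fd.directory=/etc/nginx) or
     (proc.name=certbot and fd.directory=/etc/nginx) or
     (proc.name=sshd-keygen and fd.directory=/etc/ssh))

- rule: Example write below etc (macro form)  # hypothetical rule
  desc: Constructed example, macro-as-exception style
  condition: >
    evt.type in (open, openat) and evt.is_open_write=true
    and fd.name startswith /etc
    and not example_known_etc_writers
  output: "Write below /etc (proc=%proc.name file=%fd.name)"
  priority: WARNING

# Variant 2 (after): the same allow-list as an exception.
# Fields within one values item are ANDed; items are ORed; the result
# is applied to the condition as "and not (...)".
- rule: Example write below etc (exception form)
  desc: Constructed example, exceptions style
  condition: >
    evt.type in (open, openat) and evt.is_open_write=true
    and fd.name startswith /etc
  output: "Write below /etc (proc=%proc.name file=%fd.name)"
  priority: WARNING
  exceptions:
    - name: proc_writer
      fields: [proc.name, fd.directory]
      comps: [in, =]                 # "in" lets one item cover several processes
      values:
        - [[nginx, certbot], /etc/nginx]   # two macro clauses become one item
        - [[sshd-keygen], /etc/ssh]
```

With `comps: [=, =]` the first directory would need one `values` item per process; switching the first comparison to `in` is what collapses them into a single item.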