feat: add gid field support for exec* family

[ekoops]

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area API-version

/area build

/area CI

/area driver-kmod

/area driver-bpf

/area driver-modern-bpf

/area libscap-engine-bpf

/area libscap-engine-gvisor

/area libscap-engine-kmod

/area libscap-engine-modern-bpf

/area libscap-engine-nodriver

/area libscap-engine-noop

/area libscap-engine-source-plugin

/area libscap-engine-savefile

/area libscap

/area libpman

/area libsinsp

/area tests

/area proposals

Does this PR require a change in the driver versions?

/version driver-API-version-major

/version driver-API-version-minor

/version driver-API-version-patch

/version driver-SCHEMA-version-major

/version driver-SCHEMA-version-minor

/version driver-SCHEMA-version-patch

What this PR does / why we need it:
This PR adds the effective group ID to the set of fields exported by the execve and execveat system calls. In this way, it is possible to detect an effective group ID change upon set-group-ID programs execution.
Which issue(s) this PR fixes:

Fixes #2144

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

feat(drivers): add `gid` field for exec* family

[poiana]

Welcome @ekoops! It looks like this is your first PR to falcosecurity/libs 🎉

[FedeDP]

/milestone next-driver

[github-actions]

Perf diff from master - unit tests

     9.29%     +1.29%  [.] sinsp::next
     7.58%     -0.64%  [.] sinsp_evt::get_type
     3.03%     -0.36%  [.] sinsp_thread_manager::find_thread
     2.33%     +0.36%  [.] is_conversion_needed
     2.81%     +0.34%  [.] sinsp_thread_manager::get_thread_ref
     2.36%     -0.34%  [.] std::_Hashtable<long, std::pair<long const, std::shared_ptr<sinsp_threadinfo> >, std::allocator<std::pair<long const, std::shared_ptr<sinsp_threadinfo> > >, std::__detail::_Select1st, std::equal_to<long>, std::hash<long>, std::__detail::_Mod_range_hashing, std::__detail::_Default_ranged_hash, std::__detail::_Prime_rehash_policy, std::__detail::_Hashtable_traits<false, false, true> >::_M_find_before_node
     1.33%     -0.33%  [.] std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release
     1.12%     -0.31%  [.] std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_construct<char const*>
     5.82%     -0.30%  [.] next_event_from_file
     0.93%     +0.30%  [.] sinsp_evt::get_syscall_return_value

Heap diff from master - unit tests

peak heap memory consumption: 0B
peak RSS (including heaptrack overhead): 0B
total memory leaked: 0B

Heap diff from master - scap file

peak heap memory consumption: 0B
peak RSS (including heaptrack overhead): 0B
total memory leaked: 0B

Benchmarks diff from master

Comparing gbench_data.json to /root/actions-runner/_work/libs/libs/build/gbench_data.json
Benchmark                                                         Time             CPU      Time Old      Time New       CPU Old       CPU New
----------------------------------------------------------------------------------------------------------------------------------------------
BM_sinsp_split_mean                                            +0.0411         +0.0411           146           152           146           152
BM_sinsp_split_median                                          +0.0434         +0.0433           146           152           146           152
BM_sinsp_split_stddev                                          +3.6393         +3.6479             0             2             0             2
BM_sinsp_split_cv                                              +3.4563         +3.4646             0             0             0             0
BM_sinsp_concatenate_paths_relative_path_mean                  +0.0130         +0.0130            61            62            61            62
BM_sinsp_concatenate_paths_relative_path_median                +0.0149         +0.0149            61            62            61            62
BM_sinsp_concatenate_paths_relative_path_stddev                -0.6692         -0.6691             1             0             1             0
BM_sinsp_concatenate_paths_relative_path_cv                    -0.6734         -0.6733             0             0             0             0
BM_sinsp_concatenate_paths_empty_path_mean                     -0.0367         -0.0367            25            24            25            24
BM_sinsp_concatenate_paths_empty_path_median                   -0.0315         -0.0315            25            24            25            24
BM_sinsp_concatenate_paths_empty_path_stddev                   -0.8886         -0.8885             0             0             0             0
BM_sinsp_concatenate_paths_empty_path_cv                       -0.8844         -0.8842             0             0             0             0
BM_sinsp_concatenate_paths_absolute_path_mean                  +0.0359         +0.0359            61            63            61            63
BM_sinsp_concatenate_paths_absolute_path_median                +0.0368         +0.0368            61            63            61            63
BM_sinsp_concatenate_paths_absolute_path_stddev                +0.1135         +0.1144             0             0             0             0
BM_sinsp_concatenate_paths_absolute_path_cv                    +0.0749         +0.0758             0             0             0             0
BM_sinsp_split_container_image_mean                            -0.0036         -0.0036           392           391           392           391
BM_sinsp_split_container_image_median                          -0.0081         -0.0081           393           390           393           390
BM_sinsp_split_container_image_stddev                          +0.3119         +0.3112             3             3             3             3
BM_sinsp_split_container_image_cv                              +0.3166         +0.3159             0             0             0             0

[codecov]

Codecov Report

Attention: Patch coverage is 50.00000% with 1 line in your changes missing coverage. Please review.

Project coverage is 75.19%. Comparing base (07a16e9) to head (67e6bc8).
Report is 1 commits behind head on master.

Files with missing lines	Patch %	Lines
userspace/libsinsp/parsers.cpp	50.00%	1 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #2161   +/-   ##
=======================================
  Coverage   75.19%   75.19%           
=======================================
  Files         261      261           
  Lines       33878    33880    +2     
  Branches     5801     5802    +1     
=======================================
+ Hits        25475    25477    +2     
  Misses       8403     8403           

Flag	Coverage Δ
libsinsp	75.19% <50.00%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[Andreagit97]

Great work! Just one question

[Andreagit97]

/approve

[poiana]

LGTM label has been added.

Git tree hash: fdbd0b829322479e5344c02bc15b96d82e5ba2fd

[FedeDP]

/approve

[poiana]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Andreagit97, ekoops, FedeDP

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [Andreagit97,FedeDP]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment