Improving tracee-rules output

[itaysk]

Let's discuss how to improve the output format of tracee-rules
There are a couple of tracee-rules specific needs to address:

1. which information from Finding.Context to present is relevant
2. the format requirements might differ based on the reporting signature
3. allow the user to customize the output (perhaps like tracee-ebpf has: --output format:/path/to/template)

[itaysk]

related comment by @yanivagman #573 (comment):

I think that each signature should have its own output context, which should be submitted by the signature itself.
The context can describe more complicated things like: "process x connected to ip y which is blacklisted".
This can be implemented by the signature adding an extra "output" field to the Finding.Data map, which we can then print here in case it was specified by the signature. Another option is to make this "output" field part of the interface that should be returned on a match.
In case that the output field was specified by the signature, we can also remove the processName, pid, and ppid which may not be of interest to the context of the signature match.

[itaysk]

more useful examples from @yanivagman #573 (comment):

I think that some of these fields should not be printed on every signature match.
These are: process name, process ID, PPID, hostname and event name - which are almost all of the added fields in this PR.
This relates to my previous comment that every signature has its own context.
Here are a few examples:

A signature that is triggered by multiple events (connect, accept, dup, etc...) - the current event name is not relevant
A signature that counts the number of events of a certain type - doesn't require the ppid, process name, etc.
An "inter-process" signature that correlates events of different processes - doesn't need any process context.
And there are more examples.