SUSE / linux-security-sensor

Linux security sensor

Log new process #20

Closed chajain closed 2 years ago

chajain commented 2 years ago

Log every new process started/failed on the endpoint (SENS-12)

guangyee commented 2 years ago

Looks good! I am able to test this PR in my local vagrant development environment. A couple of observations:

  1. If there's an existing static rule (in /etc/audit/rules.d/) which does the same thing but with a different tag, all the audit events will use that tag instead.
  2. I ran into this error while testing the PR, `vql: receive failed: no buffer space available`, which seems to be (according to Nikolay) related to the netlink queue buffer running out of space. This resulted in the VM becoming unresponsive. However, I haven't been able to reproduce this error since the VM reboot.
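As an added illustration of the two observations above (this is not code from the PR or from the linux-security-sensor project): a minimal auditd rule set that logs every execve attempt, successful or not, plus a check that scans a rules.d directory for pre-existing execve rules filed under a different key, which is the situation described in observation 1. The rule file name (`50-sensor.rules`), the key name (`sensor_exec`) and the backlog value are assumptions chosen for the example; the auditctl syntax itself is the documented one.

```sh
#!/bin/sh
# Added example, not part of SUSE/linux-security-sensor or the PR under review.
# Assumptions: auditctl(8) rule syntax; the sensor rule file name, key name
# and backlog size below are hypothetical.
set -eu

SENSOR_KEY="sensor_exec"

# Rule set logging every execve on a 64-bit host. Two -a lines are needed
# because the arch filter selects which syscall table 'execve' refers to.
# always,exit records the attempt whether or not the exec succeeded.
# -b sets the kernel audit backlog (events queued for the userspace
# consumer); it is unrelated to the netlink socket's own receive buffer.
sensor_rules() {
    cat <<EOF
-b 8192
-a always,exit -F arch=b64 -S execve -k ${SENSOR_KEY}
-a always,exit -F arch=b32 -S execve -k ${SENSOR_KEY}
EOF
}

# List execve rules in DIR/*.rules that carry a key other than KEY.
# Output: one "file:line:rule" per conflict. Return 1 if any were found.
# Limitation: rules written with a numeric syscall (-S 59) are not detected.
find_conflicting_execve_rules() {
    dir="$1"; key="$2"; found=0
    for f in "$dir"/*.rules; do
        [ -f "$f" ] || continue
        matches=$(grep -nE '^[[:space:]]*-a[[:space:]].*-S[[:space:]]*[a-z,]*execve' "$f" \
            | grep -vE -e "(-k[[:space:]]+|-F[[:space:]]+key=)${key}([[:space:]]|\$)" || true)
        if [ -n "$matches" ]; then
            printf '%s\n' "$matches" | sed "s|^|$f:|"
            found=1
        fi
    done
    return $found
}

# Stand-alone demonstration on a constructed rules.d directory: a static
# rule already watches execve under the key "cmds" before the sensor
# rules are dropped in.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' '-w /etc/passwd -p wa -k identity' \
        '-a always,exit -F arch=b64 -S execve -k cmds' > "$tmp/10-base.rules"
    sensor_rules > "$tmp/50-sensor.rules"
    if find_conflicting_execve_rules "$tmp" "$SENSOR_KEY"; then
        echo "no conflicting execve rules in $tmp"
    else
        echo "execve rule(s) above use another key; check which key your events carry"
    fi
    rm -rf "$tmp"
}

demo
```

Run the check against the real `/etc/audit/rules.d/` before installing the sensor rules; if it reports a hit, the events the sensor receives may be tagged with that rule's key rather than its own, so the sensor's key filter should be reconciled with the existing rule rather than simply added alongside it.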