[Auditbeat] Prepare System Package to be GA

[andrewkroh]

Describe the enhancement:

We previously had plans to deprecate the system.package dataset because in within the Elastic ecosystem we expected that osquerybeat could provide this data using various tables like rpm_package and deb_packages. However, because it cannot provide deltas between previous state and current state the data is not that useful on its own. So we want to improve the Auditbeat system.package dataset such that it can be supported as GA feature and exposed through Elastic Agent.

• [x] Create a beta Fleet integration for package monitoring that wraps the Auditbeat system.package dataset.

• [ ] Add fsnotify support for triggering updates in near real-time.

• [x] Migrate to using FlatBuffers and the means of encoding persistent state. This will ensure we have a stable schema for this data between versions and avoid accidental breakages.

• [x] Update documentation for Auditbeat package dataset. Remove beta warnings and info in https://github.com/elastic/beats/blob/ba3bce42590dbf722061d7d92bfdb0bd903e9014/x-pack/auditbeat/module/system/package/package.go#L201, https://github.com/elastic/beats/blob/043e60d039352627fd95fec8f130fcd03777348d/x-pack/auditbeat/module/system/package/_meta/docs.asciidoc#L3

• [x] Update documentation related to Auditbeat to Agent migration specifically related to system.package. For reference this was added in https://github.com/elastic/observability-docs/pull/2270. Should be above Osquery line

• [x] Document the Fleet integration as GA using at least version 1.0.0 for the package.

Describe a specific use case for the enhancement or feature:

References

• Replaces https://github.com/elastic/beats/issues/33481

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[elasticmachine]

Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)