Fix kv parsing in auditd integration to properly support quoted values.

[Tacklebox]

The auditd integration uses regex patterns with the kv ingest pipeline processor to split key=value substrings out of the logs from auditd. Since the values can be arbitrary quoted data including whitespace, to fully support parsing the kv pairs, parsing should be done from the painless script instead to account for multiple spaces, escaped quotes/etc.

[elasticmachine]

Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)