elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

Add Endpoint advanced options for capture mode and session data #127282

Open ferullo opened 2 years ago

ferullo commented 2 years ago

Please add two Linux-only advanced options to Endpoint's policy for 8.2. Both are new to 8.2. Adding these entries now will enable end-to-end testing in 8.2.0-SNAPSHOT builds.

inputs[0].policy.linux.advanced.kernel.capture_mode: Allowed values are auto, kprobe, or ebpf. The default is kprobe currently but we intend for it to change to auto before 8.2 FF.

inputs[0].policy.linux.advanced.events.session_data: Allowed values are true and false. The default is currently false but it may change to true before 8.2 FF.

cc @qcorporation @kevinlog @softengchick

elasticmachine commented 2 years ago

Pinging @elastic/security-onboarding-and-lifecycle-mgt (Team:Onboarding and Lifecycle Mgt)

kevinlog commented 2 years ago

I will add this in for 8.2