elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

Add Endpoint advanced option to disable file descriptor kprobes #154476

Open nicholasberlin opened 1 year ago

nicholasberlin commented 1 year ago

Please add a Linux-only advanced option to Endpoint's policy for 8.8. This feature is new to 8.8. Adding these entries now will enable end-to-end testing in 8.8.0-SNAPSHOT builds.

`inputs[0].policy.linux.advanced.events.disable_fd_kprobes`

Allowed values are `true` or `false`. The default is `false`.

Tooltip text:

When only process events are being collected, this option will disable file descriptor tracking probes. This can be used to reduce Endpoint processing at the expense of missing `fchdir` based working directory changes. This only applies if the `capture_mode` is `kprobe` or if `auto` resolves tracefs (kprobe) probes. `ebpf` based event collection ignores this setting. Default is false.
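
The precedence the tooltip describes (ebpf ignores the flag; under kprobe it only bites when process events alone are collected) is easy to get wrong when reasoning about a policy, so here is an added example that models it. This is not Endpoint or Kibana code. It assumes the policy is a plain dict keyed like the documented path `inputs[0].policy.linux.advanced.events.disable_fd_kprobes`; the locations of the collected event families (`linux.events.process/file/network`) and of `capture_mode` (`linux.advanced.kernel.capture_mode`), and the order in which `auto` prefers backends in `resolve_capture_mode`, are assumptions rather than anything the issue states.

```python
# Added example, not Endpoint or Kibana code: models the precedence the issue's
# tooltip describes for the disable_fd_kprobes advanced option.
#
# Assumptions (not from the issue): the policy is a plain dict keyed like the
# documented path inputs[0].policy.linux.advanced.events.disable_fd_kprobes;
# collected event families live at inputs[0].policy.linux.events as booleans;
# capture_mode lives at inputs[0].policy.linux.advanced.kernel.capture_mode;
# resolve_capture_mode stands in for Endpoint's own `auto` probing with a
# guessed preference order (ebpf first, then tracefs kprobes).
from __future__ import annotations

from typing import Any

EVENT_FAMILIES = ("process", "file", "network")  # assumed family names


def _linux_policy(policy_doc: dict[str, Any]) -> dict[str, Any]:
    """Return the Linux policy sub-tree of the first input, or {} if absent."""
    try:
        return policy_doc["inputs"][0]["policy"]["linux"]
    except (KeyError, IndexError, TypeError):
        return {}


def read_disable_fd_kprobes(policy_doc: dict[str, Any]) -> bool:
    """Read advanced.events.disable_fd_kprobes; absent means the documented default, false."""
    advanced = _linux_policy(policy_doc).get("advanced", {})
    value = advanced.get("events", {}).get("disable_fd_kprobes", False)
    if not isinstance(value, bool):
        raise ValueError(f"disable_fd_kprobes must be true or false, got {value!r}")
    return value


def resolve_capture_mode(capture_mode: str, tracefs_available: bool, ebpf_available: bool) -> str:
    """Collapse `auto` to a concrete backend (assumed order: ebpf, then tracefs kprobes)."""
    if capture_mode in ("kprobe", "ebpf"):
        return capture_mode
    if capture_mode != "auto":
        raise ValueError(f"unknown capture_mode {capture_mode!r}")
    if ebpf_available:
        return "ebpf"
    if tracefs_available:
        return "kprobe"
    raise RuntimeError("auto capture_mode found neither ebpf nor tracefs")


def fd_tracking_active(policy_doc: dict[str, Any], *, tracefs_available: bool = True,
                       ebpf_available: bool = False) -> dict[str, Any]:
    """Decide whether file descriptor tracking probes stay loaded under this policy.

    Per the tooltip: the flag only matters when the effective backend is kprobe
    and only process events are collected; ebpf-based collection ignores it.
    """
    linux = _linux_policy(policy_doc)
    collected = {f for f in EVENT_FAMILIES if linux.get("events", {}).get(f)}
    requested = linux.get("advanced", {}).get("kernel", {}).get("capture_mode", "auto")
    backend = resolve_capture_mode(requested, tracefs_available, ebpf_available)
    disable = read_disable_fd_kprobes(policy_doc)

    if backend == "ebpf":
        active, reason = True, "ebpf collection ignores disable_fd_kprobes"
    elif collected != {"process"}:
        active, reason = True, "option applies only to process-only collection"
    elif disable:
        active, reason = False, "disable_fd_kprobes=true with process-only kprobe collection"
    else:
        active, reason = True, "disable_fd_kprobes=false (default)"

    return {
        "backend": backend,
        "collected": sorted(collected),
        "fd_tracking": active,
        # The visibility cost the tooltip names when the probes are off.
        "loses": [] if active else ["fchdir-based working directory changes"],
        "reason": reason,
    }


# Constructed sample policy: process-only collection with the option enabled.
SAMPLE_POLICY: dict[str, Any] = {
    "inputs": [{"policy": {"linux": {
        "events": {"process": True, "file": False, "network": False},
        "advanced": {"kernel": {"capture_mode": "auto"},
                     "events": {"disable_fd_kprobes": True}},
    }}}]
}

if __name__ == "__main__":
    # On a host with tracefs but no ebpf, auto resolves to kprobe and the probes are dropped.
    print(fd_tracking_active(SAMPLE_POLICY))
    # On an ebpf-capable host the same policy keeps fd tracking.
    print(fd_tracking_active(SAMPLE_POLICY, ebpf_available=True))
```

Feeding the same policy through with different host capabilities is the useful part: the option's effect depends on what `auto` resolves to, so a policy that sheds fd probes on one fleet keeps them on another, and the `loses` field records the visibility given up when it does apply.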

elasticmachine commented 1 year ago

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

kevinlog commented 1 year ago

Thanks @nicholasberlin - will pick this up

kevinlog commented 1 year ago

PR: https://github.com/elastic/kibana/pull/154684