adding event for this rule `mount launched in privileged container`

[h4l0gen]

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind documentation

/kind tests /kind feature

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area commands

/area pkg

/area events

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #204

Special notes for your reviewer:

[h4l0gen]

In this event, flags are set syscall.CLONE_NEWNS | syscall.CLONE_NEWUSER as this action is in the privileged container. Rule triggered successfully but this action shows an error as to launch mount inside privileged container we need more flags and permission like (cap_sys_admin) IMO that just make this event complex. What you think @leogr @FedeDP

[h4l0gen]

@FedeDP If everything looks good to you, then we are good to go with this PR.

[h4l0gen]

@FedeDP changes done.

[poiana]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: FedeDP, h4l0gen

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/falcosecurity/event-generator/blob/main/OWNERS)~~ [FedeDP] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

[poiana]

LGTM label has been added.

Git tree hash: ea44683f41d733400b2020195fdbec33155df70e