Revert #3135 "fix(engine): apply output substitutions for all sources"

[mrgian]

This reverts commit 4ef7c9553aaea2bfe75aa867650c7e9745c2909f.

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

/kind release

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area build

/area engine

/area tests

/area proposals

/area CI

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

fix(engine): enable output substitution only for syscall rules, prevent engine from exiting with validation errors when a plugin is loaded and -pc/pk is specified

[github-actions[bot]]

This PR may bring feature or behavior changes in the Falco engine and may require the engine version to be bumped.

Please double check userspace/engine/falco_engine_version.h file. See versioning for FALCO_ENGINE_VERSION.

/hold

[poiana]

LGTM label has been added.

Git tree hash: 5c7fa503738a4da502c06a89a6780cc0ed33844a

[leogr]

/milestone 0.38.1

[leogr]

@LucaGuerra side note: we should also officially document that -pk (and other presets) works with syscalls source only

[FedeDP]

Side note: engine is not crashing but is triggering a validation exception :)

[LucaGuerra]

https://github.com/falcosecurity/falco/pull/3238

[poiana]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: leogr, LucaGuerra, mrgian

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/falcosecurity/falco/blob/master/OWNERS)~~ [LucaGuerra,leogr] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

[LucaGuerra]

/unhold