falcosecurity / falco

Cloud Native Runtime Security
https://falco.org
Apache License 2.0

With json output, output field itself becomes json after first alert #560

Closed mstemm closed 5 years ago

mstemm commented 5 years ago

https://github.com/falcosecurity/falco/pull/410 introduced a regression where, when using json output, the output field of the json object itself would become json after the first alert. For example:

{"output":"11:42:48.980588289: Informational Container entrypoint seen (user=root command=sh -c sleep 1 incomplete (id=d441611951f1))","priority":"Informational","rule":"Container Entrypoint Seen","time":"2019-03-12T18:42:48.980588289Z", "output_fields": {"container.id":"d441611951f1","container.name":"incomplete","evt.time":1552416168980588289,"proc.cmdline":"sh -c sleep 1","user.name":"root"}}
{"output":"{\"container.id\":\"d441611951f1\",\"container.name\":\"incomplete\",\"evt.time\":1552416168980774536,\"proc.cmdline\":\"sleep 1\",\"user.name\":\"root\"}","priority":"Informational","rule":"Container Entrypoint Seen","time":"2019-03-12T18:42:48.980774536Z", "output_fields": {"container.id":"d441611951f1","container.name":"incomplete","evt.time":1552416168980774536,"proc.cmdline":"sleep 1","user.name":"root"}}

The reason for this was that the inspector buffer format is set in falco_formats::format_event to properly render the output_fields property, but it wasn't being set back to PF_NORMAL. This line should be added back.
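The following is an added illustration of the state-leak described above; it is not Falco's code and not part of the issue. `Inspector`, `buffer_format`, `render`, `format_event_buggy` and `format_event_fixed` are hypothetical stand-ins for the sinsp inspector, its buffer format, and `falco_formats::format_event`. The buggy variant switches the shared format to `PF_JSON` to render `output_fields` and never switches back, so the second alert's `output` string comes out as JSON exactly as in the pasted output; the fixed variant generalizes the "set it back to `PF_NORMAL`" fix into a scope guard that restores the previous mode on every exit path.

```cpp
// Added example (not Falco's own code): shows how leaving a shared
// inspector's buffer format in PF_JSON corrupts the *next* alert's output.
#include <map>
#include <sstream>
#include <string>
#include <vector>

enum print_format { PF_NORMAL, PF_JSON };

// Hypothetical stand-in for the process-wide inspector state.
struct Inspector {
    print_format buffer_format = PF_NORMAL;
};

using Fields = std::map<std::string, std::string>;

// Renders fields as "k=v k=v" or as a JSON object, depending on the
// inspector's current buffer format (mimics the sinsp formatter behaviour).
std::string render(const Inspector& insp, const Fields& f) {
    std::ostringstream os;
    bool first = true;
    if (insp.buffer_format == PF_JSON) {
        os << "{";
        for (const auto& kv : f) {
            os << (first ? "" : ",") << "\"" << kv.first << "\":\"" << kv.second << "\"";
            first = false;
        }
        os << "}";
    } else {
        for (const auto& kv : f) {
            os << (first ? "" : " ") << kv.first << "=" << kv.second;
            first = false;
        }
    }
    return os.str();
}

struct Alert {
    std::string output;         // human-readable line
    std::string output_fields;  // JSON object of the fields
};

// Buggy variant: sets PF_JSON for output_fields but never restores PF_NORMAL,
// so the mode leaks into the next call's rendering of `output`.
Alert format_event_buggy(Inspector& insp, const Fields& f) {
    Alert a;
    a.output = render(insp, f);      // uses whatever mode the inspector is in
    insp.buffer_format = PF_JSON;    // needed to render output_fields
    a.output_fields = render(insp, f);
    // missing: insp.buffer_format = PF_NORMAL;
    return a;
}

// RAII guard: restores the previous format when the scope ends, including on
// exceptions, which is stronger than a single "set it back" line.
struct FormatGuard {
    Inspector& insp;
    print_format saved;
    FormatGuard(Inspector& i, print_format pf) : insp(i), saved(i.buffer_format) {
        insp.buffer_format = pf;
    }
    ~FormatGuard() { insp.buffer_format = saved; }
};

// Fixed variant: the JSON mode is confined to the output_fields rendering.
Alert format_event_fixed(Inspector& insp, const Fields& f) {
    Alert a;
    a.output = render(insp, f);
    {
        FormatGuard g(insp, PF_JSON);
        a.output_fields = render(insp, f);
    }
    return a;
}

// Emit two alerts back to back on one shared inspector and return both
// `output` strings; index 1 is the one that goes wrong in the buggy variant.
std::vector<std::string> outputs_after_two_alerts(bool fixed) {
    Inspector insp;
    // Constructed sample fields, loosely modelled on the issue's alert.
    Fields f = {{"user.name", "root"}, {"proc.cmdline", "sleep 1"}};
    Alert a1 = fixed ? format_event_fixed(insp, f) : format_event_buggy(insp, f);
    Alert a2 = fixed ? format_event_fixed(insp, f) : format_event_buggy(insp, f);
    return {a1.output, a2.output};
}

int main() {
    std::ostringstream out;
    for (bool fixed : {false, true}) {
        auto o = outputs_after_two_alerts(fixed);
        out << (fixed ? "fixed " : "buggy ") << "second alert: " << o[1] << "\n";
    }
    return out.str().empty() ? 1 : 0;
}
```

Because the inspector is shared across every alert, any code path that flips its format is a correctness hazard for unrelated callers; the guard makes the restore impossible to forget, which is the general lesson behind the missing line.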

michalzxc commented 5 years ago

The same issue +1

spaceportpw commented 5 years ago

The same issue +1