(legacy) EXIM base-line for ECS-ification

[kares]

another day another grok pattern story: this time the exim (mail server) patterns seem incomplete. there seems to be partial sub-patterns and experiments with excluding specific messages which are hard to follow.

in their current (partial) form it's pretty much impossible to even come up with meaningful tests (for ECS). the proposal here tries to establish a useful (but still minimal) EXIM line - for matching "mail arrival" logs (<=).

hoping to build exim ECS support on top of this.

NOTES:

• changes to existing patterns are backwards compatible
• all presented specs are passing
• there's a mix of %{:grok} and \<regexp> style named captures due the effort to eliminate introducing more EXIM_xxx (legacy) names
• other options include only having EXIM definition for tests (in a separate file)

HINT: targeting ecs-wip branch, these would only get released once the ECS work is complete

[kares]

@yaauie anything against these to have somehow meaningful EXIM mail arrival matching to start with? otherwise ECS-ification makes little sense.