Support filter per PID for system traces

[daladim]

EventFilter::ByPids are only effective on kernel mode logger session.

see https://learn.microsoft.com/en-us/windows/win32/api/evntprov/ns-evntprov-event_filter_descriptor:

The PIDs based filter-blob is only valid for a kernel mode logger session because the private logger session runs inside a user-mode process

But this does not work for KernelTraces in ferrisetw. This would be good to support it.

Ideas:

• Maybe there's a distinction between "a trace run in kernel-mode" and a "System trace"? But is a ferrisetw::KernelTrace one of them in the first place?
• Maybe that's post-win10 build 20348 anyway? (see https://learn.microsoft.com/en-us/windows/win32/etw/system-providers)
• Maybe that's not possible at all, and this should be documented in ferrisetw

If this eventually works, this should be added in an integration test