mirror of
https://github.com/falcosecurity/falco.git
synced 2025-09-07 09:40:44 +00:00
Use factories to provide filters/formatting
Instead of having hard-coded support for syscall/k8s_audit events, use the notions of filter factories/formatter factories to provide generic support for events having a given source:

- Within the engine, maps m_filter_factories / m_rulesets / m_format_factories map from a given source to something that can create filters, hold filters, and create formatters for a given source. The hard-coded sinsp_factory/json_factory objects are removed.
- The specific add_xxx_filter/process_xxx_event are general purpose and take an event source.
- A new method create_formatter() takes a source/output format and provides a shared_ptr to a formatter that can resolve format strings. This is used by the falco outputs code.
- In falco main, create the syscall/k8s_audit filter and formatter factories and pass them to the engine. Later, we might make this configurable/selective.

With all of the above changes, the falco engine doesn't need a direct inspector any longer, so remove it.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
@@ -71,8 +71,6 @@ public:
|
||||
|
||||
void init(const char *lua_main_filename, const char *alternate_lua_dir);
|
||||
|
||||
void set_inspector(sinsp *inspector);
|
||||
|
||||
// Priority levels, as a vector of strings
|
||||
static std::vector<std::string> priority_names;
|
||||
|
||||
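Review bot: callers of the public set_inspector(sinsp *inspector) are not covered by the visible hunks, and removing the declaration that follows init() breaks any that remain. Confirm every call site is deleted in this same commit rather than left for a follow-up, and consider a one-line comment near init() saying that event sources now reach the engine through the filter/formatter factories instead of an inspector, so readers of the header are not left looking for the old setter.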
@@ -94,8 +92,6 @@ protected:
|
||||
|
||||
std::mutex m_ls_semaphore;
|
||||
|
||||
sinsp *m_inspector;
|
||||
|
||||
private:
|
||||
void add_lua_path(std::string &path);
|
||||
};
|
||||
};
|
||||
|
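Review bot: derived classes could read the protected m_inspector pointer directly, so its removal under protected: needs a check that no subclass still references it. If nothing else in this header uses the sinsp type once the member and its setter are gone, drop the matching forward declaration or include too, so the header no longer pulls in a dependency it does not need.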