Move falco engine to its own library.

Move the c++ and lua code implementing falco engine/falco common to its
own directory userspace/engine. It's compiled as a static library
libfalco_engine.a, and has its own CMakeLists.txt so it can be included
by other projects.

The engine's CMakeLists.txt has a add_subdirectory for the falco rules
directory, so including the engine also builds the rules.

The variables you need to set to use the engine's CMakeLists.txt are:

- CMAKE_INSTALL_PREFIX: the root directory below which everything is
  installed.
- FALCO_ETC_DIR: where to install the rules file.
- FALCO_SHARE_DIR: where to install lua code, relative to the
- install/package root.
- LUAJIT_INCLUDE: where to find header files for lua.
- FALCO_SINSP_LIBRARY: the library containing sinsp code. It will be
- considered a dependency of the engine.
- LPEG_LIB/LYAML_LIB/LIBYAML_LIB: locations for third-party libraries.
- FALCO_COMPONENT: if set, will be included as a part of any install()
  commands.

Instead of specifying /usr/share/falco in config_falco_*.h.in, use
CMAKE_INSTALL_PREFIX and FALCO_SHARE_DIR.

The lua code for the engine has also moved, so the two lua source
directories (userspace/engine/lua and userspace/falco/lua) need to be
available separately via falco_common, so make it an argument to
falco_common::init.

As a part of making it easy to include in another project, also clean up
LPEG build/defs. Modify build-lpeg to add a PREFIX argument to allow for
object files/libraries being in an alternate location, and when building
lpeg, put object files in a build/ subdirectory.

userspace/engine/falco_engine.h

@@ -0,0 +1,75 @@
+#pragma once
+
+#include <string>
+
+#include "sinsp.h"
+#include "filter.h"
+
+#include "rules.h"
+
+#include "falco_common.h"
+
+//
+// This class acts as the primary interface between a program and the
+// falco rules engine. Falco outputs (writing to files/syslog/etc) are
+// handled in a separate class falco_outputs.
+//
+
+class falco_engine : public falco_common
+{
+public:
+	falco_engine();
+	virtual ~falco_engine();
+
+	//
+	// Load rules either directly or from a filename.
+	//
+	void load_rules_file(const std::string &rules_filename, bool verbose, bool all_events);
+	void load_rules(const std::string &rules_content, bool verbose, bool all_events);
+
+	//
+	// Enable/Disable any rules matching the provided pattern (regex).
+	//
+	void enable_rule(std::string &pattern, bool enabled);
+
+	struct rule_result {
+		sinsp_evt *evt;
+		std::string rule;
+		std::string priority;
+		std::string format;
+	};
+
+	//
+	// Given an event, check it against the set of rules in the
+	// engine and if a matching rule is found, return details on
+	// the rule that matched. If no rule matched, returns NULL.
+	//
+	// the reutrned rule_result is allocated and must be delete()d.
+	rule_result *process_event(sinsp_evt *ev);
+
+	//
+	// Print details on the given rule. If rule is NULL, print
+	// details on all rules.
+	//
+	void describe_rule(std::string *rule);
+
+	//
+	// Print statistics on how many events matched each rule.
+	//
+	void print_stats();
+
+	//
+	// Add a filter, which is related to the specified list of
+	// event types, to the engine.
+	//
+	void add_evttype_filter(std::string &rule,
+				list<uint32_t> &evttypes,
+				sinsp_filter* filter);
+
+private:
+	falco_rules *m_rules;
+        sinsp_evttype_filter m_evttype_filter;
+
+	std::string m_lua_main_filename = "rule_loader.lua";
+};
+