[Suite] Add `ptrace`-based Falco rules support

[ekoops]

Motivation

User needs support for testing Falco rules involving the ptrace system call.

Feature

Supporting a ptrace system call test step for a limited number of operations will be a good starting point, but some ptrace operations require

1. the tracee process to be stopped under some specific conditions (i.e after performing actions like trying to execute a system call
2. the tracer to wait on the tracee process and evaluate the returned status
3. the tracer to run the desired operation (e.g.: PTRACE_PEEKUSER et simila)

Given this, maybe it is worth to implement a ptrace resource, allowing to request these complex flows automatically.

Alternatives

Additional context

[poiana]

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

[ekoops]

/remove-lifecycle stale

[poiana]

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

[ekoops]

/remove-lifecycle stale

[poiana]

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

[ekoops]

/remove-lifecycle stale