libbeat/processors/add_process_metadata: Add default cgroup.regex for add_process_metadata

[bhapas]

Proposed commit message

Replace the existing cgroup_prefixes default with a default cgroup_regex. The new default will match the same cgroup paths as the old cgroup_prefixes value plus more. Out of the box it will match cgroup paths from modern Kubernetes and Podman versions. Existing users of cgroup_prefixes and cgroup_regex should see no breaking change.

This removes the undocumented behavior that when cgroup_prefixes was used that it would return a value that matched [\w]{64} for cgroup v2 paths. This was inconsistent because it arbitrary applied only to cgroup v2 paths and it could be prone to false matches.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
  - [ ] I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

• Closes add_process_metadata: cgroup_regex should support containerd #32961

[mergify]

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @bhapas? 🙏.
For such, you'll need to label your PR with:

• The upcoming major version of the Elastic Stack
• The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

[elasticmachine]

❕ Build Aborted

There is a new build on-going so the previous on-going builds have been aborted.

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-09-07T06:23:47.761+0000

• Duration: 82 min 5 sec

Test stats 🧪

Test	Results
Failed	0
Passed	28247
Skipped	2013
Total	30260

Steps errors

Expand to view the steps failures

metricbeat-pythonIntegTest - mage pythonIntegTest

• Took 31 min 0 sec . View more details here
• Description: mage pythonIntegTest

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[andrewkroh]

I pushed some changes to implement a default cgroup_regex without breaking existing configs. PTAL

Proposed commit message:

Replace the existing cgroup_prefixes default with a default cgroup_regex. The new default will match the same cgroup paths as the old cgroup_prefixes value plus more. Out of the box it will match cgroup paths from modern Kubernetes and Podman versions. Existing users of cgroup_prefixes and cgroup_regex should see no breaking change.

This removes the undocumented behavior that when cgroup_prefixes was used that it would return a value that matched [\w]{64} for cgroup v2 paths. This was inconsistent because it arbitrary applied only to cgroup v2 paths and it could be prone to false matches.

[leehinman]

LGTM