guestagent: consolidate audit event monitor to eBPF tracepoint monitor

[AkihiroSuda]

lima/pkg/guestagent/guestagent_linux.go

Line 135 in 9d815d5

if msg.Type == auparse.AUDIT_NETFILTER_CFG {

lima/cmd/lima-guestagent/daemon_linux.go

Lines 60 to 61 in 9d815d5

	// See /sys/kernel/debug/tracing/available_events for the list of available tracepoints
	tracepoints := []string{"syscalls:sys_exit_bind"}

We have been monitoring audit event AUDIT_NETFILTER_CFG for monitoring potential iptable changes, and eBPF tracepoint syscalls:sys_exit_bind for potential /proc/net/tcp changes.

Ideally we should only monitor eBPF tracepoints if feasible.
/sys/kernel/debug/tracing/available_events doesn't seem to contain an equivalent of AUDIT_NETFILTER_CFG though.

[AkihiroSuda]

We do not even need to monitor iptables/netfilter events, if we can resolve:

• guestagent: iptables watcher should not be needed at all #4085