Create command to generate Falco events

[leodido]

What would you like to be added:

A command (and the relative library) to generate Falco events.

It should do what https://github.com/falcosecurity/falco/blob/dev/docker/event-generator/event_generator.cpp does.

Why is this needed:

To remove the docker/event-generator directory from Falco repository and provide the events generator via falcoctl.

[leodido]

Notice also that integrations uses the current "sysdig/falco-event-generator" docker image. This means we need to build the new "falco/falco-event-generator" docker image starting from the library we'll create in falcoctl for this matter.

[leogr]

I can work on this once we make a decision on falcosecurity/falco#1089
/assign

[leogr]

Update (see also falcosecurity/falco#1089 (comment) ):

Assuming that the new event-generator is a full-featured CLI, I am not sure if we should implement the command here.

My alternative

Rationale
When the implementation of a feature is vast enough and does not directly depend on falcoctl basic functionality, it makes sense to implement that feature in its own tool or library - with a single responsibility.
In the case of a library, falcoctl can simply consume the lib API where needed. That's it. For example, this could happen with client-go.
On the other hand, in the case of a CLI tool that users can already use (eg. falco-exporter ), it does not make sense for falcoctl to wrap it.
Nevertheless, if we would generalize the idea of using falcoctl to install/deploy things, it could still help.

Proposal
Instead of creating a new command for event generation, just add a command to install (or deploy) the new event-generator tool.
IMHO, it would be really useful especially when deploying it on k8s.
Furthermore, falcoctl will not have the responsibility to implement the feature, although it still facilitates the user experience.

Ofc, this approach can be generalized for other tools, eventually.

WDYT?

cc @leodido

[leogr]

Replaced by #94