Add a Rust version of the gcpaudit plugin

[geraldcombs]

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area plugins

/area registry

/area build

/area documentation

/area automation

What this PR does / why we need it:

This is an AI-aided translation of the gcpaudit plugin from Go to Rust. Why do this? Go doesn't officially support loading multiple c-shared libraries, and while this works on most platforms it crashes on macOS on x64, and the Go team has no plans to fix this:

golang/go#65050

Fortunately this doesn't really affect Falco, but it does affect Stratoshark, which loads multiple Falco plugins at startup:

https://gitlab.com/wireshark/wireshark/-/work_items/20869

A separate PR for a Rust version of the cloudtrail plugin can be found at #1350.

I've been shipping this and plugins with Stratoshark's development installers for macOS and Windows, and so far they seem to work well. I don't have any large capture files available for performance testing, but haven't run into any issues so far. If you have a large cloudtrail or gcpaudit file suitable for testing that you can share I would be grateful.

Questions and outstanding issues:

• cloudtrail_rs and gcpaudit_rs currently have the same IDs and names as their Go counterparts. Should these have different IDs and/or names?

• The cloudtrail Go plugin has a source test, which is absent from the Rust plugin.

Which issue(s) this PR fixes:

https://gitlab.com/wireshark/wireshark/-/work_items/20869

Fixes #

Special notes for your reviewer:

[poiana]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: geraldcombs
Once this PR has been reviewed and has the lgtm label, please assign jasondellaluce for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[geraldcombs]

The build-packages-aarch64 job is failing with

error: rustc 1.88.0 is not supported by the following packages:
  aws-config@1.8.15 requires rustc 1.91.1
  aws-credential-types@1.2.14 requires rustc 1.91.1
  [ ... ]

would it be preferable to bump the rustc version to 1.91.1 or downgrade the dependency versions?

[ekoops]

Hey @geraldcombs . Thank you for this contribution. I like the idea, and it for sure will let us avoid the problem you mentioned and any other oddity linked to the go runtime.
I don't know what other mantainers feel about it, but to me it's perfectly fine to replace the original plugins with these, once they'll reach a reasonable shape (so keeping the same IDs is fine).
However, if we reach the consensus on moving forward with this replacement (or even merging this), I would at least split this PR into two: one for cloudtrail and the other one for gcpaudit. It is really difficult to spot any issue in a 10k PR 😂

[geraldcombs]

I would at least split this PR into two: one for cloudtrail and the other one for gcpaudit. It is really difficult to spot any issue in a 10k PR 😂

Great suggestion! Done in #1350.