tetragon: Add another sigkill tracing policy example

Adding sigkill tracing policy example that catches writes like:
    $ echo "krava" > /tmp/passwd

Signed-off-by: Jiri Olsa <[email protected]>

Author: Cloud User

examples/tracingpolicy/sys_write_sigkill.yaml

@@ -0,0 +1,75 @@
+apiVersion: cilium.io/v1alpha1
+kind: TracingPolicy
+metadata:
+  name: "syswritefollowfdpsswd"
+spec:
+  kprobes:
+  - call: "fd_install"
+    syscall: false
+    args:
+    - index: 0
+      type: int
+    - index: 1
+      type: "file"
+    selectors:
+    - matchArgs:
+      - index: 1
+        operator: "Equal"
+        values:
+        - "/tmp/passwd"
+      matchActions:
+      - action: FollowFD
+        argFd: 0
+        argName: 1
+  - call: "do_dup2"
+    syscall: false
+    args:
+    - index: 0
+      type: int
+    - index: 1
+      type: "file"
+    - index: 2
+      type: int
+    selectors:
+    - matchArgs:
+      - index: 1
+        operator: "Equal"
+        values:
+        - "/tmp/passwd"
+      matchActions:
+      - action: FollowFD
+        argFd: 2
+        argName: 1
+  - call: "__x64_sys_close"
+    syscall: true
+    args:
+    - index: 0
+      type: "int"
+    selectors:
+    - matchActions:
+      - action: UnfollowFD
+        argFd: 0
+        argName: 0
+  - call: "__x64_sys_write"
+    syscall: true
+    args:
+    - index: 0
+      type: "fd"
+    - index: 1
+      type: "char_buf"
+      sizeArgIndex: 3
+    - index: 2
+      type: "size_t"
+    selectors:
+    - matchPIDs:
+      - operator: NotIn
+        values:
+        - 0
+        - 1
+      matchArgs:
+      - index: 0
+        operator: "Equal"
+        values:
+        - "/tmp/passwd"
+      matchActions:
+      - action: SigKill