
[REFAC] Optimize syscall eBPF logic

Open NDStrahilevitz opened this issue 3 years ago • 0 comments

Prerequisites

Select one OR another:

  • [x] I have discussed the refactoring idea with one (or another) maintainer.
  • [x] I'll create PRs to implement this refactoring idea (assign to yourself).
  • [ ] Someone else should implement this (describe it well).

Refactoring description

tracee-ebpf has a bpf code hot path in its sys_enter and sys_exit probes. These are used for:

  1. Submitting syscall events
  2. Tracking syscall in task information
  3. Saving syscall args across bpf programs

Over time this logic can take up a lot of kernel CPU time and, as such, we can and should optimize it. This can be done in the following incremental steps:

  • [x] Making syscall event initialization conditional and in a tail call (done in #2080)
  • [ ] Remove map lookups where possible (kconfig map in sys_enter for example)
  • [x] Make all logic in sys_enter/exit tail based on tail_call conditions (#2143)
  • [x] Optimize code paths with likely/unlikely macros (#2131)
  • [ ] Optimize init_event_data
  • [ ] Skip time related syscalls (https://github.com/aquasecurity/tracee/pull/2080#pullrequestreview-1088837292)
  • [ ] Initialize task_info_t with a map (#2125)
  • [ ] Two steps here: 1. Create separate syscall tracepoints for relevant events which need their argument stored 2. Remove sys_enter and sys_exit as essential events, making them explicit dependencies for most syscall events (partially done in #2143)

NDStrahilevitz, Aug 28 '22 13:08