rule engine dsl syntax changes

[banditopazzo]

some changes are required to support complex rules as was pointed by krsh.

• [ ] internet protocols (TCP, UDP) for networking events
• [ ] add command line in Event header
• [x] CONTAINS operator for collections #181
• [ ] add name file (now there is only full path)
• [x] better payload.flags #81
• [x] add app arguments  in Exec payload #65
• [x] replace ! with NOT in rules syntax #75
• [x] link and unlink syscalls #64
• [x] ip and port from SocketAddr #75
• [x] fix fileCreated event #11
• [x] add probe to socket listen #66
• [x] add probe to do_mkdirat, do_renameat, do_rmdir #67