Enable Splunk HEC format for all sinks

[mjstrasser]

Currently Klogging can specify a Splunk HEC endpoint and will send log events there in HEC (HTTP Event Collector) format.

It is not able to render events in HEC format and send them to other sinks, e.g stdout. The current HEC renderer is bound up in the Splunk sink code.

This change is to separate rendering from sending, as for other formats.

[mjstrasser]

Re-reading Splunk docs, especially on event metadata, I have a better understanding of the meaning of sourcetype and source keys.