- 11 Feb, 2021 3 commits
-
-
Authored by Stefano Bonicatti
The "path" column for a systemd unit row can be empty. Added missing possible values for the "status" column, when the "type" column value is "systemd unit". Removed "Login Item" as a possible value for the "type" column, since now "Startup Item" is used. Removed "disabled" as a possible value for the "status" column, since it's not returned anymore and due to the type "Startup Item" being either a script or a .desktop file, which do not have a disabled state; if they need to be they'll just be removed and they won't appear in the table anymore. Separately check for the "status" column possible values since they differ based on the "type" column value.
-
Authored by Stefano Bonicatti
The extended attributes present on a test file might not be only the ones set by the test itself. If SELinux is installed for instance, an additional extended attribute is present. Therefore instead of requiring that the list of attribute names is exactly the one set by the test, verify that the attribute names we expect are present in the list.
-
Authored by Stefano Bonicatti
Do not expect that the extended attributes list of a test file contains only the attributes that have been set by the test. Check that the extended attributes set by the test are all present instead.
-
- 10 Feb, 2021 1 commit
-
- 06 Feb, 2021 1 commit
-
-
Authored by Teddy Reed
-
- 05 Feb, 2021 3 commits
-
-
Authored by Teddy Reed
-
Authored by Alessandro Gario
-
- 04 Feb, 2021 1 commit
-
- 03 Feb, 2021 3 commits
-
-
Authored by Teddy Reed
-
Authored by Mike Myers
-
Authored by Teddy Reed
-
- 02 Feb, 2021 1 commit
-
-
Authored by Mike Myers
-
- 31 Jan, 2021 2 commits
-
-
Authored by Stefano Bonicatti
-
Authored by Teddy Reed
-
- 29 Jan, 2021 1 commit
-
-
Authored by Teddy Reed
-
- 27 Jan, 2021 3 commits
-
-
Authored by Zach Wasserman
Attempts to clear up a common misconception about the functionality of the `denylist` key.
-
Authored by Stefano Bonicatti
Yara publicly exposes the definition of various str functions like strlcpy, strlcat and so on if they are not present on the system it is compiled on. This is not ideal because other libraries use custom implementations of those functions and those symbols would collide with the public ones from yara, therefore we rename them to avoid the collision.
-
Authored by Stefano Bonicatti
This speeds up the configuration phase and simplifies having control of the compilation flags used. Additional changes were required due to other libraries incorrectly depending on glog and gflags cmake code or headers. smartmontools especially, was incorrectly publicly depending on its own config.h, which was though taken from glog when smartmontools libsmartclt.h header was included by user code. A fix has been done on the smartmontools side and so the submodule commit we refer to has been updated.
-
- 26 Jan, 2021 1 commit
-
-
Authored by Alessandro Gario
-
- 25 Jan, 2021 1 commit
-
-
Authored by Stefano Bonicatti
-
- 22 Jan, 2021 1 commit
-
-
Authored by Alessandro Gario
-
- 21 Jan, 2021 1 commit
-
-
Authored by Sharvil Shah
-
- 20 Jan, 2021 1 commit
-
-
Authored by Mike Myers
-
- 18 Jan, 2021 3 commits
-
-
Authored by Stefano Bonicatti
The status badge was incorrectly specified and it was "merged" with the Azure one. Add a link that sends to the GitHub Actions builds on the master branch when the status badge is clicked.
-
Authored by Stefano Bonicatti
The upstream repository was failing to do shallow clones.
-
Authored by Stefano Bonicatti
osquery was already linking with -pthread and so linking to libpthread on Linux, but it wasn't always defining the _REENTRANT macro which is done by the -pthread option given at compile time. Although in the third party libraries that need it, it should've been defined in other ways (directly or via a config.h), always add -pthread for correctness and consistency. Note: macOS doesn't need -pthread at link time because pthreads are already implemented inside the libc library.
-
- 16 Jan, 2021 3 commits
-
-
Authored by Zach Wasserman
This is a follow-up to #6893 fixing an additional cross-platform compatibility issue with the relative path check in Yara.
-
Authored by Stefano Bonicatti
-
Authored by Alessandro Gario
-
- 15 Jan, 2021 2 commits
-
-
Authored by Mike Myers
-
Authored by Mike Myers
-
- 14 Jan, 2021 1 commit
-
-
Authored by Stefano Bonicatti
-
- 13 Jan, 2021 1 commit
-
-
Authored by Mike Myers
-
- 11 Jan, 2021 4 commits
-
-
Authored by Mike Myers
-
Authored by Zach Wasserman
Make the relative filepath check cross-platform. Fixes #6788
-
Authored by Seshu Pasam
This table provides output similar to the "docker history" command. See: https://docs.docker.com/engine/reference/commandline/history/ The created_by column has useful information related to the command history.
-
- 10 Jan, 2021 2 commits
-
-
Authored by Stefano Bonicatti
libdpkg is leaking memory on every initialization. Initialization happens every time deb_packages gets queried. The memory leaked is allocated for the "triggersdir" global variable by "dpkg_db_get_path" called in "trigdef_update_start". "trigdef_update_start" is called by "trig_incorporate" just after the memory for "triggersdir" has been allocated. On some occasions "trigdef_update_start" is also called two times in a row. In all these cases the memory does not get deallocated in between calls, so the old memory is lost. Since the result of "dpkg_db_get_path" depends on the database dir that has been set, and in the "trigdef_update_start" function it's not possible to know if it has changed from the previous allocation or not, it's necessary to always deallocate vs just avoid calling "dpkg_db_get_path". Fix also a couple of other leaks on error.
-
Authored by Brendan Shaklovitz
-