Added macOS Sigma process_creation rules

[araesa]

• Added process_creation log source to MacOS.Sigma.BaseVQL so SigmaHQ process_creation rules can be compiled
• Added MacOS.Sigma.Triage config with SigmaHQ macos process_creation rules
• Added compileMacOSTriage Makefile target (depends on compileMacOSBaseVQL)
• Added golden tests for BaseVQL process_creation and Triage artifact

[scudette]

Check out the process tracker which does keep track of all processes and their call chains on MacOS

https://docs.velociraptor.app/blog/2022/2022-08-17-process-tracker/

[araesa]

Updated in the latest commit. Now uses process_tracker_pslist() and process_tracker_get() for parent/grandparent chain resolution.

It works better than the old pslist() snapshot since it keeps history and resolves parent chains. The limitation is that macOS has no eBPF/ETW events, so the tracker syncs by polling pslist() and short-lived processes between syncs can be missed.

There is no MacOS.Events.TrackProcesses CLIENT_EVENT artifact in core yet (only Linux and Windows have one). Without it, process_tracker_pslist() falls back to pslist(). I can add the macOS tracker artifact to core Velociraptor if this PR looks good.