Indicating events that are vulnerable to TOCTOU #1355
OriGlassman
started this conversation in
Development
Replies: 1 comment
-
Good idea. Let's create an issue for this.
-
Users should be aware of events that are vulnerable to time of use to time of check (TOCTOU) attacks.
I think every event in tracee-ebpf should mention whether it is vulnerable or not, instead of "forcing" the user to google the event and check whether this is a syscall, LSM hook, kernel tracepoint etc.
The event documentation should clearly state whether it's vulnerable, and the relevant vulnerable fields (arguments).