Add Auditbeat system module fields to fields.ecs.yml

New fields used in the Auditbeat system module that need to be added to `fields.ecs.yml`:

1. `network.type` (used in the [socket metricset](https://github.com/elastic/beats/pull/8834))
2. `process.start` and `process.working_directory` (used in the [process metricset](https://github.com/elastic/beats/pull/9139))
3. `event.kind` (everywhere)