[Heartbeat][Agent] Seccomp / synthetics bugfix improvements

[andrewvc]

Fixes a variety of seccomp and synthetics execution related issues:

1. Adds the setcap syscall, which chrome invokes to drop all privileges. Chrome crashes w/o this.
2. Adds the getgroups syscall, which we use to log the active groups
3. Improves logging for process execution failures with more detail

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas

[elasticmachine]

Pinging @elastic/uptime (Team:Uptime)

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Duration: 82 min 22 sec

❕ Flaky test report

No test was executed to be analysed.

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

[vigneshshanmugam]

LGTM

[shahzad31]

Post FF Testing looks good

verified that heartbeat is runnign as a process in the container

sh-4.2$ ps aux | grep heartbeat
elastic+      97  0.9  1.6 1706532 101412 ?      Sl   14:52   0:00 /usr/share/elastic-agent/data/elastic-agent-5ad13f/install/heartbeat-7.16.0-SNAPSHOT-linux-x86_64/heartbeat -E setup.ilm.enabled=false -E setup.template.enabled=false -E management.enabled=true -E logging.level=debug -E logging.level=info -E http.enabled=true -E http.host=unix:///usr/share/elastic-agent/data/tmp/default/heartbeat/heartbeat.sock -E logging.json=true -E logging.ecs=true -E logging.files.path=/usr/share/elastic-agent/data/logs/default -E logging.files.name=heartbeat-json.log -E logging.files.keepfiles=7 -E logging.files.permission=0640 -E logging.files.interval=1h -E path.data=/usr/share/elastic-agent/data/run/default/heartbeat--7.16.0-SNAPSHOT
elastic+    1267  0.0  0.0   9108   788 pts/0    S+   14:54   0:00 grep heartbeat