audit: fix syscall rules for aarch64 and FSS audit path

[everton-dematos]

Description of Changes

This PR fixes issues in the Ghaf audit configuration (https://jira.tii.ae/browse/SSRCSP-8066).

• Architecture-specific audit rules: Some syscall rules included syscalls not available on aarch64. The rules are now generated conditionally to ensure compatibility across architectures.
• FSS audit path fix: The audit rule now monitors the shared FSS base directory instead of the VM-specific key directory. This avoids failures during early boot when the VM-specific path may not yet exist.
• Tested on Nvidia AGX and Lenovo X1.

Type of Change

• New Feature
• Bug Fix
• Improvement / Refactor

Related Issues / Tickets

https://jira.tii.ae/browse/SSRCSP-8066

Checklist

• Clear summary in PR description
• Detailed and meaningful commit message(s)
• Commits are logically organized and squashed if appropriate
• Contribution guidelines followed
• Ghaf documentation updated with the commit - https://tiiuae.github.io/ghaf/
• Author has run make-checks and it passes
• All automatic GitHub Action checks pass - see actions
• Author has added reviewers and removed PR draft status

Testing Instructions

Applicable Targets

• Orin AGX aarch64
• Orin NX aarch64
• Lenovo X1 x86_64
• Dell Latitude x86_64
• System 76 x86_64

Installation Method

• Requires full re-installation
• Can be updated with nixos-rebuild ... switch
• Other:

Test Steps To Verify:

1. Check systemctl status in admin-vm and net-vm
2. Expected output:

[brianmcgillion]

nice one