fix(userspace/engine): support appending to unknown sources

[jasondellaluce]

What type of PR is this?

/kind bug

Any specific area of the project related to this PR?

/area engine

What this PR does / why we need it:

In case we have a rule using an unknown source (e.g. when its plugin is not leaded), we have a bug that prevents appending to that rule. For example:

- rule: Rule1
  desc: NoDesc
  condition: evt.type=open
  priority: INFO
  output: Never
  source: mysource

- rule: Rule1
  append: true
  condition: or evt.type=openat

Which issue(s) this PR fixes:

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

fix(userspace/engine): support appending to unknown sources

[jasondellaluce]

/milestone 0.36.0

[github-actions]

This PR may bring feature or behavior changes in the Falco engine and may require the engine version to be bumped.

Please double check userspace/engine/falco_engine_version.h file. See versioning for FALCO_ENGINE_VERSION.

/hold

[jasondellaluce]

This PR may bring feature or behavior changes in the Falco engine and may require the engine version to be bumped.

Please double check userspace/engine/falco_engine_version.h file. See versioning for FALCO_ENGINE_VERSION.

/unhold

This is a just a bug fix, so this is a false positive.

[FedeDP]

/approve

[poiana]

LGTM label has been added.

Git tree hash: 9422f81552f827fea3e5ec0faf8212b26f40e310

[incertum]

/approve

[poiana]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: FedeDP, incertum, jasondellaluce

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [FedeDP,incertum,jasondellaluce]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment