fix: ancestors and parent_exe for zombie process

[qjerome]

For zombie processes ancestors and parent_exe were not the "real" ones.

The purpose of making a zombie process is making difficult to track the real parent/child relationship. However in kunai we have the data to recover the real parent/child relationships across the full chains of ancestors of a given process.

Prior to this PR: kunai is computing ancestors and parent_exe from the parent_task returned by the kernel. The drawback with this approach is that when the process becomes a zombie the kernel sets parent to init process and we lose track of the real origin of the process.

This PR addresses this issue and puts the real ancestors and real parent_exe in events' fields

Using real ancestors and parent_exe introduces some inconsistencies in the events. After the fix .info.parent_task section does not show relevant information as it contains task information collected in kernel. So, this needs to be addressed too to reflect real parent task.

Finally, when replacing .info.parent_task with the real parent information completely hides the fact the task is a zombie, simply because we fixed everything up to resolve zombification. This is not desired as zombie tasks are not so frequent under regular circumstances but often used by malware. So we propose to add a .info.task.zombie and .info.parent_task.zombie fields (booleans) to show when a task or its parent is a zombie process.

To sum up this PR addresses:

1. put real ancestors (will not be init if task is zombie) in .data.ancestors field
2. put real parent exe in .data.parent_exe for execve and execve_script events
3. fixes .info.parent_task to be the real parent task
4. introduces .info.task.zombie and .info.parent_task.zombie boolean flags to identify when a task is a zombie
5. some minor refactoring to implement all this