Commit
filters: implement capability filters
Implement a new export filter for process capabilities. The filter includes support for matching effective, permitted, and inheritable capability sets, with various match behaviours.

Behaviours include:
- `any`: matches if one or more listed capabilities appear in process caps
- `all`: matches if all listed capabilities appear in process caps
- `exactly`: matches if listed capabilities are exactly equal to process caps
- `none`: matches if no listed capabilities are in process caps

The following are some example uses.

Match when effective capabilities include either CAP_SYS_ADMIN or CAP_BPF:

    {"capabilities": {"effective": {"any": ["CAP_SYS_ADMIN", "CAP_BPF"]}}}

Match when permitted capabilities do not include CAP_SYS_ADMIN:

    {"capabilities": {"permitted": {"none": ["CAP_SYS_ADMIN", "CAP_BPF"]}}}

Match when inheritable capabilities include either CAP_SYS_ADMIN and CAP_BPF:

    {"capabilities": {"inheritable": {"all": ["CAP_SYS_ADMIN", "CAP_BPF"]}}}

Match when inheritable capabilities are exactly CAP_SYS_ADMIN:

    {"capabilities": {"inheritable": {"exactly": ["CAP_SYS_ADMIN"]}}}

Signed-off-by: William Findlay <will@isovalent.com>
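The four match behaviours from the commit message, written out as bitmask tests over a capability set. This is an added example, not code from this commit or its project: `capBits`, `capMask` and `matchCaps` are hypothetical names, the capability table is a subset of the Linux numbering, and the process capability set is constructed.

```go
package main

import "fmt"

// Linux capability numbers from <linux/capability.h> (subset for this example).
var capBits = map[string]uint{
	"CAP_CHOWN": 0, "CAP_NET_ADMIN": 12, "CAP_NET_RAW": 13,
	"CAP_SYS_PTRACE": 19, "CAP_SYS_ADMIN": 21, "CAP_BPF": 39,
}

// capMask turns capability names into a bitmask, the same layout as CapEff in /proc/<pid>/status.
func capMask(names []string) (uint64, error) {
	var m uint64
	for _, n := range names {
		bit, ok := capBits[n]
		if !ok {
			return 0, fmt.Errorf("unknown capability %q", n)
		}
		m |= 1 << bit
	}
	return m, nil
}

// matchCaps (hypothetical helper) applies one behaviour to one capability set.
func matchCaps(behaviour string, listed []string, procCaps uint64) (bool, error) {
	want, err := capMask(listed)
	if err != nil {
		return false, err
	}
	switch behaviour {
	case "any": // at least one listed capability is held
		return procCaps&want != 0, nil
	case "all": // every listed capability is held; extras are allowed
		return procCaps&want == want, nil
	case "exactly": // the held set equals the listed set
		return procCaps == want, nil
	case "none": // no listed capability is held
		return procCaps&want == 0, nil
	}
	return false, fmt.Errorf("unknown behaviour %q", behaviour)
}

func main() {
	// Constructed sample: a process holding CAP_BPF and CAP_NET_ADMIN.
	proc, _ := capMask([]string{"CAP_BPF", "CAP_NET_ADMIN"})
	for _, b := range []string{"any", "all", "exactly", "none"} {
		ok, _ := matchCaps(b, []string{"CAP_SYS_ADMIN", "CAP_BPF"}, proc)
		fmt.Printf("%-8s -> %v\n", b, ok)
	}
}
```

In this sketch an empty list matches under `all` and `none` and never under `any`; that edge-case behaviour belongs to the example, not to the filter the commit implements.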