in_winevtlog: Permit absence of publisher metadata

[cosmo0920]

When subscribing Forwarded events channels such as ForwardedEvents channel, PublisherMetadata could be absent.
This is the side note for this phenomenon:

[in] PublisherMetadata

A handle to the provider's metadata that the EvtOpenPublisherMetadata function returns. The handle acts as a formatting context for the event or message identifier.

You can set this parameter to NULL if the Windows Event Collector service forwarded the event. Forwarded events include a RenderingInfo section that contains the rendered message strings.

ref: https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtformatmessage

So, FormatEventMessage function should handle NULL in case of publisherMetadata to be returned NULL. However, when handling NULL case of publisherMetadata, we need to pre-allocate at the minimalistic size of buffer. Presumably, it should be set as 512 bytes by default for this use case.

---

Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

• Example configuration file for the change

PS> /path/to/bin/fluent-bit.exe -i winevtlog -pchannels=ForwardedEvents -p read_existing_events=On -o stdout

• Debug log output from testing the change

• Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

• Run local packaging test showing all targets (including any new ones) build.
• Set ok-package-test label to test for all targets (requires maintainer to do).

Documentation

• Documentation required for this feature

Backporting

• Backport to latest stable release.

---

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

[edsiper]

NOTE: CI issue is an appveyor upload file issue: