[Filebeat/Journald] When in a container, use chroot to run journalctl from the host, thus eliminating version issues #47323
Description
Currently we ship the journalctl binary in some of our Docker images, which allow users to read the journal from the host, however if their Journald version is not compatible with the journalctl version in our container, the journal cannot be ingested.
This can be fixed by using chroot + a custom path to run journalctl directly from the host without having to have the binary available in our container nor any other required library to run it.
The implementation itself is simple, we just need to set SysProcAttr.Chroot and the full path (see golang/go#39341) of the journalctl binary inside the chroot when creating the exec.Cmd.
I saw this clever solution when reviewing a OTel PR.