feat(event model): Create Event Model For Windows

[hongsam14]

Since Windows has a different syslog than Linux, we need to define the Windows event model in polvo-logger for crossplatform.

Current Behavior

type Metadata interface {
	ProcessForkMetadata |
		ProcessExecveMetadata |
		ProcessExitMetadata |
		BashReadlineMetadata |
		ServiceMetadata |
		TcpMetadata |
		FileOpenMetadata |
		FileRenameMetadata
}

Expected Behavior

These are the fields corresponding to sysmon and edr syslog organized by @DotJM

{
    "title": "Field name by logsource",
    "version": "20250707",
    "legit":{
        "windows":{
            "common": ["UtcTime"],
            "empty": [],
            "category":{
                "process_creation": ["CommandLine", "Company", "CurrentDirectory", "FileVersion",
                                    "Hashes", "Image", "IntegrityLevel", "LogonId", "OriginalFileName",
                                    "ParentCommandLine", "ParentImage", "ParentProcessId",
                                    "ProcessId", "Product", "User", "Hashes"],
                "network_connection": ["DestinationHostname", "DestinationIp", "DestinationIsIpv6", "DestinationPort",
                                    "Image", "Initiated", "ProcessGuid", "ProcessId", "Protocol", "SourceHostname",
                                    "SourceIp", "SourceIsIpv6", "SourcePort", "User", "ParentImage"],
                "driver_load":["Hashes", "Signature"],
                "image_load":["Company", "FileVersion", "Hashes", "Image", "OriginalFileName", "ProcessId", "Product", "User"],
                "process_access":["SourceImage", "SourceProcessId", "SourceUser", "TargetImage", "TargetProcessId", "TargetUser"],
                "file_event":["ProcessId", "Image", "TargetFilename", "CreationUtcTime", "User"],
                "registry_add":["ProcessId", "Image", "TargetObject", "User"],
                "registry_delete":["Details", "Image", "ProcessId", "TargetObject"],
                "registry_set":["Details", "Image", "ProcessId", "TargetObject", "User"],
                "registry_event":["Details", "Image", "ProcessId", "TargetObject", "User"],
                "create_stream_hash":["CreationUtcTime", "Hash", "Image", "ProcessId", "TargetFilename", "User"],
                "dns_query":["Image", "ProcessId", "QueryName", "User"],
                "file_delete":["Image", "ProcessId", "TargetFilename", "User"]
            },
            "service":{}
        }
    },
    "addon":{}
}

Branching of linux and windows versions should be supported using the log golang build-tag.

[hongsam14]

@KnightChaser check this