auditd is the best security feature that no one uses. As an optional feature, we should have Algo configured to log security-critical information and email it out of the VM on a regular basis. The role should use go-audit to get its job done.
There's a lot of sample auditd configuration from CI Security that we copied over to this repo. We should verify that these rules are appropriate:
https://github.com/trailofbits/algo/blob/master/templates/audit.rules.j2
https://github.com/trailofbits/algo/blob/master/templates/auditd.conf.j2
https://github.com/trailofbits/algo/blob/master/templates/CIS.conf.j2
https://github.com/trailofbits/algo/blob/master/security.yml#L44-L52
Here's a short guide for installing and configuring go-audit:
https://summitroute.com/blog/2016/12/25/Catching_attackers_with_go-audit_and_a_logging_pipeline/
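The issue asks for the copied CIS rule set to be checked before it ships. One way to do that mechanically is to lint the `audit.rules` syntax for the mistakes that make audit rules silently useless. The script below is an added example, not code from the Algo repository, from go-audit or from the CIS benchmark: it parses auditctl-style rule lines and flags three things a reviewer would look for, namely watch or syscall rules with no `-k` key (events cannot be searched or routed by key), `arch=b64` syscall rules with no matching `arch=b32` rule (on x86_64 a 32-bit syscall bypasses a b64-only rule, which is why the CIS benchmark pairs them), and any rule that follows `-e 2` (once the configuration is immutable the kernel refuses further rule changes, so those lines never load). The sample rules at the bottom are constructed for illustration and are not the contents of `templates/audit.rules.j2`.

```python
"""Lint auditctl-style rule lines (the syntax of audit.rules).

Added example; not part of Algo, go-audit or the CIS benchmark.
"""
from __future__ import annotations

import shlex
from dataclasses import dataclass, field

# Options that take one argument in auditctl syntax (subset we care about).
ARG_OPTS = {"-w", "-p", "-a", "-S", "-F", "-k", "-e", "-b", "-f", "-r", "-C"}


@dataclass
class Rule:
    lineno: int
    raw: str
    kind: str = "other"            # "watch" (-w), "syscall" (-a) or "control"
    path: str | None = None
    arch: str | None = None        # value of -F arch=..., e.g. "b64"
    syscalls: set[str] = field(default_factory=set)
    key: str | None = None
    immutable: bool = False        # True for "-e 2"


@dataclass
class Finding:
    lineno: int
    message: str


def parse_rule(lineno: int, line: str) -> Rule:
    """Parse one rule line into its security-relevant fields."""
    toks = shlex.split(line)       # shlex handles quoted keys and paths
    rule = Rule(lineno, line)
    i = 0
    while i < len(toks):
        tok = toks[i]
        arg = toks[i + 1] if tok in ARG_OPTS and i + 1 < len(toks) else None
        if tok == "-w":
            rule.kind, rule.path = "watch", arg
        elif tok == "-a":
            rule.kind = "syscall"
        elif tok == "-S" and arg:
            rule.syscalls.update(arg.split(","))
        elif tok == "-F" and arg:
            name, _, value = arg.partition("=")
            if name == "arch":
                rule.arch = value
            elif name == "key":    # "-F key=foo" is auditctl's alternative to "-k foo"
                rule.key = value
        elif tok == "-k":
            rule.key = arg
        elif tok in ("-e", "-D", "-b", "-f", "-r"):
            rule.kind = "control"
            rule.immutable = tok == "-e" and arg == "2"
        i += 2 if arg is not None else 1
    return rule


def lint_rules(text: str) -> list[Finding]:
    """Return findings sorted by line number for a whole audit.rules file."""
    rules = [parse_rule(n, line) for n, line in enumerate(text.splitlines(), 1)
             if line.strip() and not line.lstrip().startswith("#")]
    findings: list[Finding] = []

    # 1. Every watch or syscall rule should carry a key.
    for r in rules:
        if r.kind in ("watch", "syscall") and not r.key:
            findings.append(Finding(r.lineno, "no -k key; events cannot be "
                                              "searched or routed by key"))

    # 2. A b64-only syscall rule misses 32-bit syscalls on x86_64; CIS pairs each
    #    b64 rule with an identical b32 rule (same syscalls, same key).
    b32 = {(frozenset(r.syscalls), r.key)
           for r in rules if r.kind == "syscall" and r.arch == "b32"}
    for r in rules:
        if (r.kind == "syscall" and r.arch == "b64"
                and (frozenset(r.syscalls), r.key) not in b32):
            findings.append(Finding(r.lineno, "b64 rule for %s has no matching "
                                              "arch=b32 rule"
                                              % ",".join(sorted(r.syscalls))))

    # 3. Nothing after "-e 2" loads: the kernel refuses rule changes once immutable.
    lock = next((r for r in rules if r.immutable), None)
    if lock:
        for r in rules:
            if r.lineno > lock.lineno:
                findings.append(Finding(r.lineno, "follows '-e 2' on line %d and "
                                                  "will not be loaded" % lock.lineno))
    return sorted(findings, key=lambda f: f.lineno)


# Constructed sample, NOT the repository's audit.rules.j2. Lines 5, 8 and 10
# each contain one of the problems above.
SAMPLE_RULES = """\
-D
-b 8192
-f 1
-w /etc/passwd -p wa -k identity
-w /etc/sudoers -p wa
-a always,exit -F arch=b64 -S execve -k exec
-a always,exit -F arch=b32 -S execve -k exec
-a always,exit -F arch=b64 -S adjtimex,settimeofday -k time-change
-e 2
-w /etc/wireguard -p wa -k vpn
"""

if __name__ == "__main__":
    for f in lint_rules(SAMPLE_RULES):
        print("line %d: %s" % (f.lineno, f.message))
```

Run it against the rendered template (`python3 lint.py < audit.rules`, after changing `SAMPLE_RULES` to `sys.stdin.read()`), then compare with what the kernel actually accepted using `auditctl -l` on the VM; a rule that the linter passes but `auditctl -l` does not list usually means it was rejected at load time, and `auditctl -s` shows whether the `-e 2` lock is already in effect.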