Refactor AuthLogPlugin

[Poeloe]

Fixes #286

[codecov]

Codecov Report

Attention: Patch coverage is 92.67016% with 14 lines in your changes missing coverage. Please review.

Project coverage is 76.76%. Comparing base (c5bf1ed) to head (9a5eef1).
Report is 29 commits behind head on main.

Files with missing lines	Patch %	Lines
dissect/target/plugins/os/unix/log/auth.py	92.67%	14 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #860      +/-   ##
==========================================
+ Coverage   75.59%   76.76%   +1.17%     
==========================================
  Files         311      316       +5     
  Lines       26561    27272     +711     
==========================================
+ Hits        20078    20935     +857     
+ Misses       6483     6337     -146     

Flag	Coverage Δ
unittests	76.76% <92.67%> (+1.17%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[Poeloe]

Small elaboration:

Went for an approach where each record will always contain:

• ts
• source
• service
• pid
• message
• _target

I then try to parse additional fields within the message based on the service that created the log line (where pam_unix is an exception).
This parsing is on a "best effort" basis. So if it fails or does not find any additional fields, the record would always still contain the above fields. Next to that, the additional fields are added dynamically to the record.

[JSCU-CNI]

When this PR is ready to be merged in main, could you fast-forward merge two commits instead of squashing everything in one commit? That should keep the git-blame correct for #901.