Syscalls: filter by string

[lacraig2]

This PR adds support for 2 new features in recent igloo_driver PRs.

The first allows for us to more efficiently move buffers into the kernel (1 call instead of 2) rehosting/igloo_driver#29

The second uses this feature to add more filtering types for syscalls. rehosting/igloo_driver#30

In particular, it now allows us to filter syscall arguments and return values by string. In particular, we can now filter in one of several ways:

• string_exact
• string_contains
• string_startswith
• string_endswith

By default, providing just a string as an argument is interpreted as string_startswith.

This enables behavior like:

    @plugins.syscalls.syscall("on_sys_open_return", arg_filters=["/proc/"],retval_filter=ValueFilter.error())
    def open_ret(self, regs, proto, syscall, filename, flags, mode):
        fname = yield from plugins.mem.read_str(filename)
        self.logger.info(f"Opening {fname} failed with {syscall.retval}")

Which can catch all failing open syscalls trying to open something within /proc