[Auditbeat] Cherry-pick #10942 to 6.7: User dataset: Numerous fixes to error handling

[cwurm]

Cherry-pick of PR #10942 to 6.7 branch. Original message:

When testing the user dataset on Fedora 29, I noticed it's not working. Digging into it, there were a few issues, all of which this PR fixes:

1. When calling C functions via cgo, we should not rely on the error return value to determine if it failed. In most cases, there is no guarantee that errno is going to be zero on success (see here for some detail). Instead, we should check the return value first, and if that indicates that there might have been an error (usually when it's NULL/nil) we should check the error return.
2. getpwent(3) explicitly states If one wants to check errno after the call, it should be set to zero before the call. errno cannot be accessed directly in Go code, so we introduce a helper function setErrno for that. getspent(3) does not have the same warning, but given that at least glibc uses the same code path for both, it's reasonable to assume the same applies. So we set errno to 0 before calling both functions.
3. errno is thread-local, and the function families setpwent/endpwent/getpwent and setspent/endspent/getspent are not thread-safe, so we introduce runtime.LockOSThread()/UnlockOSThread() to make sure all C functions are run on the same OS thread.
4. Usually, when iterating through users getpwent() should return NULL and errno should be zero when all entries have been returned. However, there is a bug in systemd that causes it to set errno to ENOENT even when there is no error (nss-systemd's getpwent sets errno to ENOENT systemd/systemd#9585). This bug affects at least Fedora 29. Following this change ENOENT is treated as if there is no error. It's not supposed to be a valid error value for getpwent() anyway, so should not happen anytime outside this bug.
5. The previous systemd bug caused the user dataset to return no users, even though all users had been read successfully. This PR changes to gathering errors in multierrors and returning them alongside whatever data could be read. This is in line with wanting to make the System module more resilient to non-fatal failures during data collection (better to return some things alongside an error than no things at all).
6. The system test will now fail when there are WARN/ERROR messages in the log. This change can probably also be made for the other datasets.

Writing up this PR description I'm realizing this combines quite a few issues. I could split it into multiple PRs if anybody wants, though most would have only a few lines of changed code. Because some indentation changed it's best to check Github's No Whitespace button.

[elasticmachine]

Pinging @elastic/secops