Remove an extra 'the' in 'Preparing to build the osquery-packaging repository'

…7411)

This column is deprecated, and on modern windows machines always returns true. Hide it.

Do not run discovery queries for packs when fuzzing,
since they easily get oss-fuzz to timeout or go oom.

The detach operation uses the DROP TABLE sql query to remove a table,
but this doesn't work with eponymous tables.
Use the "disable_tables" flag instead,
which prevents the initialization of the specified tables.

Add support for Apple Silicon architecture. Update dependancies and documentation to support this. 

Co-authored-by: Stefano Bonicatti <stefano.bonicatti@gmail.com>
Co-authored-by: Adam Meily <adam.meily@trailofbits.com>

The thirdparty_sleuthkit_fs_cpp object library actually depends
on thirdparty_sleuthkit_auto but we are not explicitly specifying
that depedency.
Sometimes it works, sometimes it doesn't (like on oss-fuzz).

Add the correct dependency and also change thirdparty_sleuthkit_fs_cpp
to be a STATIC library, because linking to thirdparty_sleuthkit_auto
causes a circular dependency (which is also present upstream),
and CMake can only deal with that if every library involved is STATIC.

Also fix the parsing of the "EXPLAIN QUERY PLAN" output,
since the detail column has changed format for the SCAN operation,
from "SCAN TABLE <uppercase tablename>" to just "SCAN <provided tablename>".

Some updates to the `time` table to reflect UTC

* Fix a crash when Yara uses its own strutils functions
* Add a test that triggers the issue.
* Fix line endings.
* Improve test and add a case also for Windows

CHANGELOG.md:822: Plaforms -> Platforms, occures -> occurs
docs/wiki/deployment/configuration.md: specificied -> specified
osquery/experimental/README.md:5: it wether -> whether it

In sqlite, column names are case insensitive. As such, the ATC check for the `path`column must be as well.

remove utc flag from example config file

New Table for parsing Windows Defender Firewall Rules

A typo was preventing the CI to select possible matching submodule caches.

Add a no-op hidden `utc` flag to allow for backward compatibility and transition time with older configuration

Resolves #7321

This define got lost with the library update

Use the time base conversion coming from mach_timebase_info
also for the cpu time values coming from the libproc API.

The user_time and system_time columns values are taken
from the proc_pid_rusage API values of ri_user_time and
ri_system_time.
The unit of those two values was incorrectly considered
to always be nanoseconds, but they are mach ticks,
much like the start_time that is later calculated
via mach_absolute_time.

While on x86_64 the time base info used to convert ticks to nanoseconds
returns a numerator and denominator that are both 1,
on M1 they are not (125 and 3 is one example).