feat: add Falco provider for runtime security alerts

[nexicturbo]

Description

Add a new Falco webhook provider that receives runtime security alerts from Falco, the CNCF cloud-native runtime security tool.

Falco detects threats in real-time across containers, Kubernetes, hosts, and cloud services. This provider integrates Falco alerts into Keep via webhook.

What's included

• Webhook provider (keep/providers/falco_provider/) that accepts Falco JSON alerts
• Supports both Falco native HTTP output and Falcosidekick webhook forwarding
• Maps all 8 Falco priority levels (Emergency → Debug) to Keep's AlertSeverity
• Extracts container and Kubernetes metadata from output_fields (container ID/name/image, k8s namespace/pod, user, process, cmdline)
• Builds rich alert descriptions with context
• Stable fingerprinting based on rule + hostname + source
• Provider icon included
• Setup instructions for both direct HTTP and Falcosidekick configuration

Falco alert payload handled

{
  "uuid": "...",
  "output": "13:44:05: Critical A shell was spawned in a container...",
  "priority": "Critical",
  "rule": "Terminal shell in container",
  "source": "syscall",
  "tags": ["container", "mitre_execution", "shell"],
  "time": "2023-05-25T13:44:05.478445995Z",
  "hostname": "falco-node",
  "output_fields": {
    "container.id": "ee97d9c4186f",
    "container.image.repository": "docker.io/library/alpine",
    "k8s.ns.name": "default",
    "k8s.pod.name": "my-pod",
    "proc.cmdline": "sh -c bash",
    "user.name": "root"
  }
}

/claim #5024

Closes #5024

[vercel]

@nexicturbo is attempting to deploy a commit to the KeepHQ Team on Vercel.

A member of the Team first needs to authorize it.

[greptile-apps]

Target branch is not in the allowed branches list.