auditd: Retry and back-off on main log failure.
This commit revises the auditd log reading and rotation handling
logic to handle the following scenarios:

  - Handle race between file reads and rotation by checking the
    current file's size against what it previously was. Set the
    offset to zero if it looks like a rotation happened
  - Retry and back-off on most errors returned by the file read.
    The main exception is context.Cancelled - which indicates
    no retry should be attempted
  - Use a bufio.Reader to catch io.EOF error case. Such an error
    indicates that we opened the file during a partial write, or
    that a rotation happened between the size check and the read.
    When an io.EOF is returned by bufio.Reader, we now return
    a nil error and the total number of bytes read. This allows
    the caller to retry a read. This code path also takes the
    caller through the size check, which will gracefully set the
    file offset back to zero if the file appears to have been
    rotated by auditd
sfox-equinix authored and stephen-fox committed Mar 31, 2023
1 parent 963a846 commit 0c90b33
Showing 4 changed files with 180 additions and 481 deletions.
5 changes: 2 additions & 3 deletions go.mod
Expand Up @@ -3,6 +3,7 @@ module github.com/metal-toolbox/audito-maldito
go 1.19

require (
github.com/cenkalti/backoff/v4 v4.2.0
github.com/coreos/go-systemd/v22 v22.5.0
github.com/elastic/go-libaudit/v2 v2.3.2
github.com/fsnotify/fsnotify v1.6.0
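Review bot: the require block in go.mod now lists a third-party module, github.com/cenkalti/backoff/v4 v4.2.0, which by the hunk counts (-3,6 +3,7) and the commit subject looks like the one added line, yet the commit message never names it. Mention the new dependency in the message so a dependency audit can trace why it came in, and confirm the matching go.sum entries are part of this commit so the module checksum is verified at build time.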
Expand All @@ -13,9 +14,7 @@ require (
golang.org/x/sync v0.1.0
)

replace (
github.com/elastic/go-libaudit/v2 v2.3.2 => github.com/metal-toolbox/go-libaudit/v2 v2.3.3
)
replace github.com/elastic/go-libaudit/v2 v2.3.2 => github.com/metal-toolbox/go-libaudit/v2 v2.3.3

require (
github.com/beorn7/perks v1.0.1 // indirect
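Review bot: the replace directive in this hunk still redirects github.com/elastic/go-libaudit/v2 v2.3.2 to the metal-toolbox fork at v2.3.3 with no comment saying why, and collapsing it to a single line was a good moment to add one. Put a short comment above it stating what the fork changes, because the require line keeps showing the upstream path and a replace only takes effect when this is the main module, so anyone importing this module as a dependency builds against upstream instead of the fork.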