[System] add support to ignore all "unknown" or "unavailable" filesystems

[j-koehler]

Heya,

related to #11188. This issue (here) in my case is the root cause for #11188.

When running Elastic Agent in unprivileged mode the system integration works (with some adjustments) reasonable well, even while (officially) requiring "run as root".

The biggest headache was how to fix metric alerts for unknown fileystems the elastic-agent-user does not have permission for. Node Exporter for Prometheus just ignores them. So I asked the customer experience team and they said: yeah, it's possible in metricbeat: just add "unavailable" and/or "unknown" to the list of filesystems to ignore as described in the documentation.

Turns out: this does not seem to work with Elastic Agent and the "system integration".

      - id: system/metrics-system.filesystem-e8c0361d-ce86-444b-bfc9-3f6a0149a9a3
        data_stream:
          dataset: system.filesystem
          type: metrics
        metricsets:
          - filesystem
        period: 1m
        processors:
          - drop_event.when.regexp:
              system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)
        filesystem.ignore_types:
          - unknown
          - unavailable

(the defaults + the ignore_types)

This has no effect for unavailable/unknown filetypes (lacking permissions) - other users have the very same problem. I have to add the types I want to/have to ignore explicitly one by one.

It would be nice to have support for the "magic"(?) unknown/unavailable "types" described in the Metricbeat documentation.

Thank you for your feedback.