Update Journald fields to better match ECS

[belimawr]

Proposed commit message

See title

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Disruptive User Impact

Because the fields produced by the Journald input are updated to better match ECS, once the user updates Filebeat/Elastic-Agent, the events generated will be slightly different.

Author's Checklist

• Check if the updated fields are used by the Elastic-Agent system integration

How to test this PR locally

Run Filebeat with the journald input:

filebeat.inputs:
- type: journald
  id: my-journald-id

Verify the changes:

Renamed fields:

• log.syslog.priority
• log.syslog.facility.code
• log.syslog.appname
• log.syslog.procid

Removed fields:

• container.id_truncated
• container.log.tag

Instead of container.partial, now we set the tag partial_message

To validate that the tag partial_message is correctly added, extract filebeat/input/journald/testdata/ndjson-parser.journal.gz and ingest it with the input. There is a single event on this journal file and it contains CONTAINER_PARTIAL_MESSAGE=true.

Related issues

• Closes [Journald] Better align the fields produced by the input with ECS #42208

## Use cases
## Screenshots
## Logs

[mergify]

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @belimawr? 🙏.
For such, you'll need to label your PR with:

• The upcoming major version of the Elastic Stack
• The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-8./d is the label to automatically backport to the 8./d branch. /d is the digit

[mergify]

backport-8.x has been added to help with the transition to the new branch 8.x.
If you don't need it please use backport-skip label and remove the backport-8.x label.

[elasticmachine]

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

[belimawr]

I've been looking if this PR will affect the output of the journald or system integration, the journald integration already does the same conversion as this PR using Filebeat processors (source). For the system integration, I've been looking at the code and the modified fields are either not used or get dropped.

I'll run some manual tests tomorrow just to be on the safe side.