EBPF

Creating Tetragon policies to catch malware - AF_INET raw sockets, AF_PACKET with manual Ethernet construction, and the combination-detection patterns that emerge. Working Tetragon policy additions, a custom event parser, and purple-team test binaries to verify detection coverage.