Add audit watch rule support and bugfixes
Add libaudit support for adding directory watch rules.
Add rule parsing support to auditd.
Rule format matches auditctl. Currently only supports -w and -e.
Fields supported are uid, euid, suid, fsuid, loginuid, gid, egid, sgid, fsgid and success.
Fields allow further limiting of matches, for example:
    -w /system -pwa -F uid!=system -F success=1
will match a write on /system that was successful and done by a uid other than system.
Retry on EAGAIN from recvfrom on the audit netlink socket.
Always enable audit syscall functionality on start of auditd.
Signed-off-by: Joshua Brindle <brindle@quarksecurity.com>
Change-Id: I74a94dbffde835a27539559427f22b73a4c7ea24
Conflicts:
auditd/README
Conflicts:
auditd/README
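
The rule format described in the commit message, as an added example that is not part of this commit or of the auditd source: a small C parser for the -w form with -p and -F options, evaluated against a constructed event. The struct and function names are hypothetical, only the uid and success fields are modelled, and values are compared as strings where a real audit rule compares numeric ids.

```c
/* Added illustration, not the auditd code from this commit. */
#include <stdio.h>
#include <string.h>

struct filter { char name[16]; int negate; char value[32]; };
struct rule { char path[128], perms[8]; struct filter f[8]; int nf; };
struct event { const char *path, *perm, *uid, *success; }; /* constructed */

/* Returns 0 on success, -1 on a malformed or unsupported rule. */
int parse_rule(const char *text, struct rule *r) {
    char buf[256], *tok;
    memset(r, 0, sizeof(*r));
    if (strlen(text) >= sizeof(buf)) return -1;
    strcpy(buf, text);
    for (tok = strtok(buf, " "); tok; tok = strtok(NULL, " ")) {
        if (!strcmp(tok, "-w")) {                    /* watched path */
            if (!(tok = strtok(NULL, " ")) || strlen(tok) >= sizeof(r->path)) return -1;
            strcpy(r->path, tok);
        } else if (!strcmp(tok, "-F")) {             /* name=value or name!=value */
            char *eq = (tok = strtok(NULL, " ")) ? strchr(tok, '=') : NULL;
            if (!eq || eq == tok || r->nf == 8) return -1;
            struct filter *f = &r->f[r->nf++];
            f->negate = eq[-1] == '!';
            snprintf(f->name, sizeof(f->name), "%.*s", (int)(eq - tok) - f->negate, tok);
            snprintf(f->value, sizeof(f->value), "%s", eq + 1);
        } else if (!strncmp(tok, "-p", 2)) {         /* -pwa or -p wa */
            const char *p = tok[2] ? tok + 2 : strtok(NULL, " ");
            if (!p || strspn(p, "rwxa") != strlen(p) || strlen(p) > 4) return -1;
            strcpy(r->perms, p);
        } else return -1;
    }
    return r->path[0] ? 0 : -1;
}

/* 1 if path, permission and every -F filter match; unmodelled fields never match. */
int rule_matches(const struct rule *r, const struct event *e) {
    size_t n = strlen(r->path);
    if (strncmp(e->path, r->path, n) || (e->path[n] && e->path[n] != '/')) return 0;
    if (r->perms[0] && !strpbrk(e->perm, r->perms)) return 0;
    for (int i = 0; i < r->nf; i++) {
        const char *v = !strcmp(r->f[i].name, "uid") ? e->uid :
                        !strcmp(r->f[i].name, "success") ? e->success : NULL;
        if (!v || (strcmp(v, r->f[i].value) == 0) == r->f[i].negate) return 0;
    }
    return 1;
}
int main(void) {
    struct rule r;
    struct event e = {"/system/app/x.apk", "w", "shell", "1"}; /* constructed */
    return parse_rule("-w /system -pwa -F uid!=system -F success=1", &r) || !rule_matches(&r, &e);
}
```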