Option to choose the treatment of null fields by the JSON decoder

[chemamartinez]

This PR solves the issue #669 adding the possibility of choose how to store a null value from a JSON event. It has been added a new option when configuring decoders called json_null_field.

An example is shown using the following decoder definition:

<decoder name="testdecoder">
  <program_name>^test_program$</program_name>
  <prematch>^{\s*"</prematch>
  <plugin_decoder>JSON_Decoder</plugin_decoder>
  <json_null_field>discard</json_null_field>
</decoder>

The allowed values for this new tag are the following:

• discard: this option doesn`t save the null field (is the default value). Alerts look like the following one:

** Alert 1527266080.9255: - test
2018 May 25 18:34:40 hostname->/root/test.log
Rule: 100101 (level 10) -> 'This is a test alert'
May 25 00:00:00 hostname test_program[0001]: {"date":"2018-05-25","field1":null,"field2":"string"}
date: 2018-05-25
field2: string

• empty: this option adds the null field as empty.

** Alert 1527266080.9255: - test
2018 May 25 18:34:40 hostname->/root/test.log
Rule: 100101 (level 10) -> 'This is a test alert'
May 25 00:00:00 hostname test_program[0001]: {"date":"2018-05-25","field1":null,"field2":"string"}
date: 2018-05-25
field1:
field2: string

• string: this was the previous behavior, it casts the null field as the "null" string.

** Alert 1527266080.9255: - test
2018 May 25 18:34:40 hostname->/root/test.log
Rule: 100101 (level 10) -> 'This is a test alert'
May 25 00:00:00 hostname test_program[0001]: {"date":"2018-05-25","field1":null,"field2":"string"}
date: 2018-05-25
field1: null
field2: string

[lmdeaton1]

If an wazuh agent is parsing a JSON log that has NULL fields, how is that handled? Can this same option be placed on the agent side?