test(arch_prctl): lock in KindNull/UNCLASSIFIED + FamilyProcess

Audit of the arch_prctl(2) syscall found the tracing implementation
already correct and consistent with the man page:
- enter classifies as KindNull (op/addr never captured as fd/path)
- exit is a ret_event with UNCLASSIFIED ret_type (int 0/-1 status)
- family is Process (deliberately, unlike its x86 siblings
  ioperm/iopl/modify_ldt which are Misc), in sync with the docs and
  the tracepoints drift tests

Add dedicated lock-in tests mirroring the prior iopl audit, using the
real kernel tracepoint fields (option/arg2 on enter, ret on exit) so
the heuristics are proven safe even without the name-only mapping.
Also add explicit FamilyProcess assertions for arch_prctl and
personality to guard against drift toward Misc.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

0 files changed, 0 insertions, 0 deletions