build_process_tree: add seqid, PID matching based on position in process sequence

[psrok1]

Timestamps were used by build_process_tree to solve problem with PID reuse in Windows. It's not ideal solution because resolution of these timestamps is not high enough to be an unique identifier of an event in sequence. In the same time, process tree is build from procmon.log that has two specific properties:

• First entries in procmon.log are RunningProcess entries

  {"Plugin": "procmon", "TimeStamp": "1725031702.563155", "PID": 4, "PPID": 0, "RunningProcess": "System"}
  {"Plugin": "procmon", "TimeStamp": "1725031702.563245", "PID": 92, "PPID": 4, "RunningProcess": "Registry"}
  

  These entries are list of kernel EPROCESS objects listed to show initial state of processes when Drakvuf was started. This list may contain both active and already terminated processes that are in signalled state and are waiting for removal (concept similar to zombie processes in Linux). PIDs should be unique within this list but PPID refers only to the processes that are on earlier positions than current process.

• Next entries are events informing about process creation and termination among other events. Based on experiments, we can safely assume that they are emitted in the same order as the actual events. That's why we don't need to resolve any timestamps. If we need to find a process creation event that matches process termination event, we just need to traverse processes backwards.

This PR introduces PID matching starting from last registered process and seqid that is stored in process_tree.json to uniquely identify a specific process object.