add "Windows Azure Linux Agent"'s pid file to list (#2328)

* add "Windows Azure Linux Agent"'s pid file to list

https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/agent-linux
this tool is default installed on azure linux hosts, can resolve my problem as an exception and have but the tool is common enough in cloud environments that it deserves inclusion.

* Update execution_abnormal_process_id_file_created.toml

* Update rules/linux/execution_abnormal_process_id_file_created.toml

Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com>

rules/linux/execution_abnormal_process_id_file_created.toml

@@ -118,7 +118,8 @@ file where event.type == "creation" and user.id == "0" and
     "nginx.pid",
     "dhclient.pid",
     "smtpd.pid",
-    "stunnel.pid"
+    "stunnel.pid",
+    "1_waagent.pid"
     )
 '''