examples/c: Fix ringbuf leaks in C libbpf examples

[vdasu]

Three libbpf-bootstrap examples (bootstrap, profile, and sockfilter) call bpf_ringbuf_reserve() to obtain an event buffer, populate a subset of the event's fields, and emit the full sizeof(*event) bytes via bpf_ringbuf_submit(). bpf_ringbuf_reserve() does not zero-initialize the returned memory. Any bytes the source-level path leaves unwritten retain whatever the slot held previously. This can leak previously emitted record content back to userspace on subsequent events.

The bootstrap leak was tested on Linux 6.8. struct event is written by two asymmetric handlers (handle_exec and handle_exit), each of which leaves the other handler's fields untouched, plus a 4-byte padding hole that neither handler writes. Across 3,000 captured events, exit events leaked prior exec records' filename paths and exec events leaked prior exit records' exit_code/duration_ns bytes.

__builtin_memset(event, 0, sizeof(*event)) does not work for profile since the struct (2080 bytes) exceeds LLVM's inline-store budget. LLVM lowers this memset to a libcall, which BPF programs do not support. BPF cannot link against libc and the BPF backend has no memset symbol to resolve, which causes compilation to fail. The added zero_buf() helper avoids this by writing the byte loop explicitly in a __noinline subprogram, so it lands as a single BPF-to-BPF call, and by using volatile writes so LLVM's loop-idiom recognition does not re-lower it back into __builtin_memset.