kernel-event-collector-module
PID wrap/reuse can cause network connections to be incorrectly de-duped
The network tracking table (net-hooks.c) tracks network connections for a process, to dedup net-conn events.
The tracking table tracks the process only using the PID value & does not include start time. This means that if the PID were to be reused, the new process would match the existing entry and would be de-duped.
The solution would be adding the start-time to the network-tracking table.
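The following user-space model is an added example, not code from net-hooks.c or from the project. It shows how a PID-only match suppresses the first connection event of a new process that reuses a PID, and how including the start time in the match keeps it. All struct, field, and function names are hypothetical, the remote endpoint in the key is an assumption, and the sample values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a de-dup table; not the module's real structures. */
struct conn_key {
    int32_t  pid;
    uint64_t start_time;   /* process start time (constructed units) */
    uint32_t remote_addr;  /* IPv4, host order; assumed part of the key */
    uint16_t remote_port;
};
struct conn_table {
    struct conn_key entries[64];
    unsigned count;
    bool use_start_time;   /* false = PID-only match, true = proposed fix */
};

/* Returns true when the event is new and should be reported,
 * false when it matches an existing entry and is de-duped. */
static bool track_connection(struct conn_table *t, const struct conn_key *k)
{
    for (unsigned i = 0; i < t->count; i++) {
        const struct conn_key *e = &t->entries[i];
        if (e->pid == k->pid && e->remote_addr == k->remote_addr &&
            e->remote_port == k->remote_port &&
            (!t->use_start_time || e->start_time == k->start_time))
            return false;
    }
    if (t->count < 64)
        t->entries[t->count++] = *k;
    return true;
}

/* Old process connects twice, then a new process reuses the same PID
 * and connects to the same endpoint. Returns the number of events reported. */
static int run_pid_reuse_scenario(bool use_start_time)
{
    struct conn_table t = { .count = 0, .use_start_time = use_start_time };
    struct conn_key old_proc = { 4242, 1000, 0xC0000201u, 443 }; /* 192.0.2.1 */
    struct conn_key new_proc = { 4242, 9000, 0xC0000201u, 443 }; /* PID reused */
    int reported = 0;
    reported += track_connection(&t, &old_proc);
    reported += track_connection(&t, &old_proc); /* genuine duplicate */
    reported += track_connection(&t, &new_proc);
    return reported;
}

int main(void)
{
    printf("pid-only: %d reported, pid+start_time: %d reported\n",
           run_pid_reuse_scenario(false), run_pid_reuse_scenario(true));
    return 0;
}
```

With the PID-only match the new process's connection is dropped as a duplicate, so only one event is reported; with the start time in the match, the genuine duplicate is still suppressed and the new process's event is reported.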