pub fn classify_container_escape(comm: &str, indicator: &str) -> bool
Classify whether a process indicator suggests a container escape attempt.
Returns false for kernel threads regardless of indicator.
false