enhancement(codecs): advanced syslog Structured Data & RFC compliance fixes

[vparfonov]

Summary

This PR upgrades the syslog encoding transform to support complex structured data (nested objects, arrays, scalars) and improves compliance with RFC 3164 and RFC 5424. It also fixes critical panics related to UTF-8 truncation.

Key Changes

1. Structured Data Improvements (RFC 5424)

Previously, the serializer only supported simple key-value pairs in structured data. This PR adds support for:

• Scalars: Top-level scalars are now automatically wrapped in a value parameter (e.g., [id value="123"]).
• Nested Objects: Deeply nested objects are flattened using dot notation to preserve hierarchy (e.g., {"meta": {"id": 1}} becomes [meta id="1"]).
• Arrays: Arrays are safely serialized as JSON strings within the parameter value (e.g.,
  tags="[\"tag1\",\"tag2\",\"tag3\"]").
  ⚠️ RFC5424 doesn't define how to handle arrays in structured data, it only specifies SD-ID and key-value pairs
• Validation: Added strict validation for SD-ID and PARAM-NAME fields to ensure they contain only printable ASCII characters (33-126) and exclude invalid characters (=, ], ", spaces), replacing invalid chars with _.

2. UTF-8 Safety (Panic Fix)

• Fix: Replaced byte-based string truncation with character-based truncation.
• Why: Previously, truncating a string at a fixed byte offset could split a multi-byte UTF-8 character (e.g., emoji or non-Latin scripts), causing the serializer to panic. The new truncate_chars helper ensures we always split on valid character boundaries.

3. RFC 3164 Compliance

• Sanitization: The TAG field (App Name/Proc ID) in RFC 3164 is now strictly sanitized to ASCII printable characters. Non-ASCII characters are replaced with underscores to prevent protocol violations.
• Structured Data: RFC 3164 does not support structured data. The serializer now correctly ignores structured data fields when rfc = "rfc3164" is selected, rather than emitting malformed headers.

Vector configuration

How did you test this PR?

• added tests for nested objects and arrays in structured data.
• added tests for UTF-8 truncation to verify panic safety with emoji and cyrillic characters.
• added tests for verifing RFC 3164 sanitization.

Change Type

• Bug fix
• New feature
• Non-functional (chore, refactoring, docs)
• Performance

Is this a breaking change?

• Yes
• No

Does this PR include user facing changes?

• Yes. Please add a changelog fragment based on our guidelines.
• No. A maintainer will apply the no-changelog label to this PR.

References

Notes

• Please read our Vector contributor resources.
• Do not hesitate to use @vectordotdev/vector to reach out to us regarding this PR.
• Some CI checks run only after we manually approve them.
  • We recommend adding a pre-push hook, please see this template.
  • Alternatively, we recommend running the following locally before pushing to the remote branch:
    • make fmt
    • make check-clippy (if there are failures it's possible some of them can be fixed with make clippy-fix)
    • make test
• After a review is requested, please avoid force pushes to help us review incrementally.
  • Feel free to push as many commits as you want. They will be squashed into one before merging.
  • For example, you can run git merge origin master and git push.
• If this PR introduces changes Vector dependencies (modifies Cargo.lock), please
  run make build-licenses to regenerate the license inventory and commit the changes (if any). More details here.

[pront]

Thanks!

[pront]

After the failing checks pass, we can enqueue. I attempted to fix one but I don't have perms to push to this branch.

[pront]

You can run make check-markdown locally to see all the errors