Add kolide_program_icon_checksums table #2401
Description
We are noticing high memory usage on Windows devices when querying the kolide_program_icons table -- up to 400MB. This seems to be because we are reading the entire icon into memory in order to return it in the icon column. The code path given to us by pprof is table.GenerateProgramIcons => table.GenerateUninstallerProgramIcons => table.parseIcoFile => ico.Decode => ioutil.ReadAll => io.ReadAll.
Currently, the table will iterate through all uninstaller program icons and all installer program icons, read each one into memory, and return a row for each with all columns: icon, hash, name, and version. However, usually when we are querying the kolide_program_icons table, we only care about two, smaller columns: hash (the checksum), and name (to perform joins against programs). Osquery will always query for all of the columns regardless, so we aren't able to optimize within kolide_program_icons.
We should add a new table kolide_program_icon_checksums that only has columns hash, name, and version.