[Security Solution] Add Threat Match rule specific editable fields (elastic#200308)

**Partially addresses:** elastic#171520

## Summary

This PR is built on top of elastic#193828 and elastic#196948 and adds the following editable components for the Threat Match rule type:

- threat_index
- threat_query
- threat_mapping
- threat_indicator_path
- ~~threat_language~~ `threat_language` was merged with `threat_query`

## Details

This PR makes a set of changes to make existing Threat Match form fields easily reusable as editable components and type safe when used in forms. In particular, the following was done:

- Fixes a bug blocking Threat Match rules upgrading
- Existing functionality was refactored to have reusable self-contained editable components for `threat_index`, `threat_query`, `threat_mapping` and `threat_indicator_path` rule fields
- `threat_language` was removed since query type is included in `threat_query` field and can be edited with Query Bar
- threat mapping input was split into a separate component for individual fields to be reused
- `ThreatMatchComponent` was refactored to be a controlled component instead of uncontrolled
  `ThreatMatchComponent` has a feature preventing users from removing the single last entry. Instead of deleting the last entry, the delete button clears the inputs. That functionality didn't work properly in the Prebuilt Rule Customization workflow and rule creation/editing forms after creating a reusable `ThreatMappingEdit` component. Instead of trying to find a tricky fix, `ThreatMatchComponent` was refactored to remove internal state. The feature preventing users from removing the single last entry was reimplemented in the `ThreatMappingEdit` component.
- Fixes a bug reproducible in `main` where validation errors were duplicated, described in a [comment](elastic#200308 (comment))
- Fixes a bug reproducible in `main` that allowed saving unknown source indices or indicator indices fields, described in a [comment](elastic#200308 (comment))

## How to test

- Ensure the `prebuiltRulesCustomizationEnabled` feature flag is enabled
- Allow internal APIs by adding `server.restrictInternalApis: false` to `kibana.dev.yaml`
- Clear Elasticsearch data
- Run Elasticsearch and Kibana locally (do not open Kibana in a web browser)
- Install an outdated version of the `security_detection_engine` Fleet package
```bash
curl -X POST --user elastic:changeme  -H 'Content-Type: application/json' -H 'kbn-xsrf: 123' -H "elastic-api-version: 2023-10-31" -d '{"force":true}' http://localhost:5601/kbn/api/fleet/epm/packages/security_detection_engine/8.14.1
```

- Install prebuilt rules
```bash
curl -X POST --user elastic:changeme  -H 'Content-Type: application/json' -H 'kbn-xsrf: 123' -H "elastic-api-version: 1" -d '{"mode":"ALL_RULES"}' http://localhost:5601/kbn/internal/detection_engine/prebuilt_rules/installation/_perform
```

- Open a `threat_match` rule for editing. For example `Threat Intel Hash Indicator Match` with rule_id `aab184d3-72b3-4639-b242-6597c99d8bca`.

- Edit `Indicator index patterns`, `Indicator index query` and/or `Indicator filters`, `Indicator mapping` and `Indicator prefix override` fields

- Open `Detection Rules (SIEM)` Page -> `Rule Updates` -> click on `Threat Intel Hash Indicator Match` rule -> expand each Threat Match rule type specific field -> press `Edit` button

## Screenshots

Threat Match Query edit component
<img width="1720" alt="image" src="https://github.com/user-attachments/assets/c7183ddf-8795-424c-90e4-b7eff14d9f69">

Threat Match Index edit component
<img width="1727" alt="image" src="https://github.com/user-attachments/assets/5e50cc98-6cc6-464d-a29d-89d31718482d">

Threat Match Mapping edit component
<img width="1725" alt="image" src="https://github.com/user-attachments/assets/aba6a723-0283-4b9e-80d2-376b1dea102e">

Threat Match Indicator Path edit component
<img width="1725" alt="image" src="https://github.com/user-attachments/assets/59aa12d9-377c-4c24-ab40-fef19e55e44e">

Threat Match Mapping unknown field names validation warnings
<img width="979" alt="Screenshot 2024-12-18 at 12 45 41" src="https://github.com/user-attachments/assets/0cfd8ae3-4865-49f8-a4ac-bafe19e01671" />

<img width="1094" alt="Screenshot 2024-12-18 at 12 45 53" src="https://github.com/user-attachments/assets/7f204e12-fe65-4a64-a029-1bb44ea366a3" />

<img width="2552" alt="Screenshot 2024-12-18 at 12 47 05" src="https://github.com/user-attachments/assets/53ac4612-f443-4d89-9474-8693ab9ced2d" />

<img width="2550" alt="Screenshot 2024-12-18 at 12 47 15" src="https://github.com/user-attachments/assets/1e345c88-9427-44ba-bc25-0164c39d1700" />
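The description above covers two behaviours in prose: the controlled `ThreatMappingEdit` component that clears the single remaining mapping entry instead of deleting it, and the threat index validation whose localized messages ("The index pattern cannot be { forbiddenString }", "At least one index pattern is required.") are dropped from the translation bundles below. The following is an added illustration written for this page, not Kibana's code: a pure, framework-free model of those behaviours. The `threat_mapping` entry shape (`field`, `type: 'mapping'`, `value`) follows the public rule API as I know it and is an assumption; `FORBIDDEN_INDEX_PATTERN`, `removeEntry`, `validateThreatIndex`, `unknownMappingFields` and the sample mapping are hypothetical names and constructed input.

```typescript
// Added illustration, not Kibana's code. Models the two behaviours described in
// the commit: a controlled mapping editor that keeps one row, and threat index
// validation that returns each error once.

// Entry shape assumed from the public rule API's threat_mapping (assumption).
interface ThreatMapEntry { field: string; type: 'mapping'; value: string; }
interface ThreatMappingGroup { entries: ThreatMapEntry[]; }

const emptyEntry = (): ThreatMapEntry => ({ field: '', type: 'mapping', value: '' });

function countEntries(groups: ThreatMappingGroup[]): number {
  return groups.reduce((n, g) => n + g.entries.length, 0);
}

// Controlled update: the parent owns the value and receives a new array back.
// Deleting the only remaining entry clears it instead of removing it, so the
// form never loses its single row (the feature moved into ThreatMappingEdit).
function removeEntry(groups: ThreatMappingGroup[], gi: number, ei: number): ThreatMappingGroup[] {
  if (countEntries(groups) <= 1) {
    return [{ entries: [emptyEntry()] }];
  }
  return groups
    .map((g, i) => (i === gi ? { entries: g.entries.filter((_, j) => j !== ei) } : g))
    .filter((g) => g.entries.length > 0);
}

// Hypothetical: the removed i18n message only interpolates {forbiddenString};
// the catch-all pattern is used here as the forbidden value.
const FORBIDDEN_INDEX_PATTERN = '*';

// Returns a de-duplicated list so repeated offenders do not repeat an error
// (the commit fixes a bug where validation errors were duplicated).
function validateThreatIndex(patterns: string[]): string[] {
  const errors = new Set<string>();
  const cleaned = patterns.map((p) => p.trim()).filter((p) => p.length > 0);
  if (cleaned.length === 0) {
    errors.add('At least one index pattern is required.');
  }
  for (const p of cleaned) {
    if (p === FORBIDDEN_INDEX_PATTERN) {
      errors.add(
        `The index pattern cannot be ${FORBIDDEN_INDEX_PATTERN}. Please choose a more specific index pattern.`
      );
    }
  }
  return [...errors];
}

// Non-blocking warning: mapping fields absent from the known field lists of
// the source and indicator indices (the caller supplies those lists).
function unknownMappingFields(
  groups: ThreatMappingGroup[],
  knownSourceFields: Set<string>,
  knownIndicatorFields: Set<string>
): string[] {
  const unknown = new Set<string>();
  for (const g of groups) {
    for (const e of g.entries) {
      if (e.field && !knownSourceFields.has(e.field)) unknown.add(e.field);
      if (e.value && !knownIndicatorFields.has(e.value)) unknown.add(e.value);
    }
  }
  return [...unknown];
}

// Constructed sample input resembling a hash-indicator mapping.
const sampleMapping: ThreatMappingGroup[] = [
  { entries: [{ field: 'file.hash.sha256', type: 'mapping', value: 'threat.indicator.file.hash.sha256' }] },
  { entries: [{ field: 'file.hash.md5', type: 'mapping', value: 'threat.indicator.file.hash.md5' }] },
];
```

Because `removeEntry` never mutates its input, the parent form can compare the previous and next values to decide whether to re-run validation, which is the property a controlled component buys over one that hides state internally.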
maximpn authored and kowalczyk-krzysztof committed Jan 7, 2025
1 parent af921b1 commit 2f0e6b8
Showing 77 changed files with 1,812 additions and 967 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -37573,8 +37573,6 @@
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldRuleNameOverrideLabel": "Remplacement du nom de règle",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldTagsHelpText": "Saisissez une ou plusieurs balises d'identification personnalisées pour cette règle. Appuyez sur Entrée après chaque balise pour en ajouter une nouvelle.",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldTagsLabel": "Balises",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldThreatIndicatorPathHelpText": "Spécifiez le préfixe de document contenant vos champs d'indicateur. Utilisé pour l'enrichissement des alertes de correspondance d'indicateur.",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldThreatIndicatorPathLabel": "Remplacement du préfixe d'indicateur",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldThresholdFieldHelpText": "Sélectionnez les champs sur lesquels effectuer le regroupement. Les champs sont joints entre eux par \"AND\"",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldThresholdFieldLabel": "Regrouper par",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldThresholdValueLabel": "Seuil",
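Review bot: the two removed entries (`stepAboutRule.fieldThreatIndicatorPathHelpText` and `stepAboutRule.fieldThreatIndicatorPathLabel`) have no replacement entries in this hunk, so the Indicator prefix override label and help text will fall back to English in the French UI until the next translation drop; confirm the new indicator-path edit component registers its messages under ids that exist in the default bundle and that the old ids are no longer referenced anywhere.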
Expand All @@ -37592,7 +37590,6 @@
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.setupHelpText": "Fournissez des instructions sur les conditions préalables à la règle, telles que les intégrations requises, les étapes de configuration et tout ce qui est nécessaire au bon fonctionnement de la règle.",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.setupLabel": "Guide de configuration",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.tagFieldEmptyError": "Une balise ne doit pas être vide",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.threatIndicatorPathFieldEmptyError": "Le remplacement du préfixe d'indicateur ne peut pas être vide.",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRuleForm.addCustomHighlightedFieldDescription": "Ajouter un champ en surbrillance personnalisé",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRuleForm.addFalsePositiveDescription": "Ajouter un exemple de faux positif",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRuleForm.addReferenceDescription": "Ajouter une URL de référence",
Expand Down Expand Up @@ -37629,9 +37626,6 @@
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldRuleTypeLabel": "Type de règle",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldShouldLoadQueryDynamicallyLabel": "Charger la requête enregistrée \"{savedQueryName}\" de façon dynamique dans chaque exécution de règle",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldShouldLoadQueryDynamicallyLabelWithoutName": "Charger la requête enregistrée de façon dynamique dans chaque exécution de règle",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThreatIndexPatternsLabel": "Modèles d'indexation d'indicateur",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThreatMappingLabel": "Mapping d'indicateur",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThreatQueryBarLabel": "Requête d'index d'indicateur",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThresholdCardinalityFieldLabel": "Compte",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThresholdCardinalityValueFieldLabel": "Valeurs uniques",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThresholdFieldCardinalityFieldHelpText": "Sélectionner un champ pour vérifier la cardinalité",
Expand Down Expand Up @@ -37673,9 +37667,6 @@
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.SavedQueryFormRowLabel": "Requête enregistrée",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.source": "Source",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.Su.perRuleExecutionWarning": "L'option d'exécution par règles n'est pas disponible pour le type de règle Seuil",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchIndexForbiddenError": "Le modèle d'indexation ne peut pas être { forbiddenString }. Veuillez choisir un modèle d'indexation plus spécifique.",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchingIcesHelperDescription": "Sélectionner des index de menaces",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchoutputIndiceNameFieldRequiredError": "Au minimum un modèle d'indexation est requis.",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.thresholdField.thresholdFieldPlaceholderText": "Tous les résultats",
"xpack.securitySolution.detectionEngine.createRule.stepRuleActions.docsLinkText": "En savoir plus",
"xpack.securitySolution.detectionEngine.createRule.stepRuleActions.invalidMustacheTemplateErrorMessage": "{key} n'est pas un modèle de moustache valide",
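Review bot: removing `threatMatchIndexForbiddenError` and `threatMatchoutputIndiceNameFieldRequiredError` drops the localized forms of the "index pattern cannot be { forbiddenString }" and "at least one index pattern is required" validations; since the summary also claims a fix for saving unknown source or indicator indices, confirm both checks still run in the reusable `threat_index` component and that their new message ids reach the translation bundle, otherwise the error text silently regresses to English.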
Expand Down Expand Up @@ -38493,7 +38484,6 @@
"xpack.securitySolution.detectionEngine.ruleDescription.relatedIntegrations.integrationsLink": "intégrations",
"xpack.securitySolution.detectionEngine.ruleDescription.relatedIntegrations.integrationVersion": "Version",
"xpack.securitySolution.detectionEngine.ruleDescription.relatedIntegrations.notInstalledText": "Non installé",
"xpack.securitySolution.detectionEngine.ruleDescription.relatedIntegrations.optionalText": "Facultatif",
"xpack.securitySolution.detectionEngine.ruleDescription.relatedIntegrations.relatedIntegrationAriaLabel": "Sélecteur d'intégrations",
"xpack.securitySolution.detectionEngine.ruleDescription.relatedIntegrations.relatedIntegrationVersionDependencyAriaLabel": "Contrainte de version d'intégration associée",
"xpack.securitySolution.detectionEngine.ruleDescription.relatedIntegrations.relatedIntegrationVersionDependencyPlaceholder": "Semver",
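Review bot: the removal of `relatedIntegrations.optionalText` (and `requiredFields.optionalText` in the next hunk) is outside the Threat Match scope stated in the commit message; if this is an unused-translation cleanup, say so in the summary so reviewers do not read it as a regression in the Related Integrations and Required Fields UI.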
Expand All @@ -38511,7 +38501,6 @@
"xpack.securitySolution.detectionEngine.ruleDescription.requiredFields.generalWarningDescription": "Cela n'interdit pas l'exécution de la règle, mais cela peut indiquer qu'un champ requis n'a pas été correctement paramétré. Veuillez vérifier que les index spécifiés dans la {source} de la règle existent, et que les types et champs attendus sont dans le mapping.",
"xpack.securitySolution.detectionEngine.ruleDescription.requiredFields.generalWarningTitle": "Certains champs sont introuvables dans les modèles d'index spécifiés par la règle.",
"xpack.securitySolution.detectionEngine.ruleDescription.requiredFields.openHelpPopoverAriaLabel": "Ouvrir une fenêtre contextuelle d'aide",
"xpack.securitySolution.detectionEngine.ruleDescription.requiredFields.optionalText": "Facultatif",
"xpack.securitySolution.detectionEngine.ruleDescription.requiredFields.removeRequiredFieldButtonAriaLabel": "Supprimer le champ obligatoire",
"xpack.securitySolution.detectionEngine.ruleDescription.requiredFields.requiredFieldsLabel": "Champ requis",
"xpack.securitySolution.detectionEngine.ruleDescription.requiredFields.validation.fieldNameRequired": "Le nom de champ est requis",
Expand Up @@ -37431,8 +37431,6 @@
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldRuleNameOverrideLabel": "ルール名無効化",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldTagsHelpText": "このルールの1つ以上のカスタム識別タグを入力します。新しいタグを開始するには、各タグの後でEnterを押します。",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldTagsLabel": "タグ",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldThreatIndicatorPathHelpText": "インジケーターフィールドを含むドキュメントプレフィックスを指定します。インジケーター一致アラートの強化で使用されます。",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldThreatIndicatorPathLabel": "インジケータープレフィックスの無効化",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldThresholdFieldHelpText": "グループ化するフィールドを選択します。フィールドは「AND」を使用して結合されます",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldThresholdFieldLabel": "グループ分けの条件",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.fieldThresholdValueLabel": "しきい値",
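Review bot: the Japanese bundle mirrors the French removals hunk for hunk (same ids, same line counts), so the same checks apply here: new message ids registered in the default bundle, removed ids unreferenced, and the out-of-scope `optionalText` removals mentioned in the summary.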
Expand All @@ -37450,7 +37448,6 @@
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.setupHelpText": "必要な統合、構成ステップ、ルールが正常に動作するために必要な他のすべての項目といった、ルール前提条件に関する指示を入力します。",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.setupLabel": "セットアップガイド",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.tagFieldEmptyError": "タグを空にすることはできません",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRule.threatIndicatorPathFieldEmptyError": "インジケータープレフィックスの無効化を空にすることはできません",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRuleForm.addCustomHighlightedFieldDescription": "カスタムハイライトされたフィールドを追加",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRuleForm.addFalsePositiveDescription": "誤検出の例を追加します",
"xpack.securitySolution.detectionEngine.createRule.stepAboutRuleForm.addReferenceDescription": "参照URLを追加します",
Expand Down Expand Up @@ -37487,9 +37484,6 @@
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldRuleTypeLabel": "ルールタイプ",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldShouldLoadQueryDynamicallyLabel": "各ルールの実行時に、保存されたクエリー\"{savedQueryName}\"を動的に読み込みます",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldShouldLoadQueryDynamicallyLabelWithoutName": "各ルールの実行時に、保存されたクエリを動的に読み込みます",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThreatIndexPatternsLabel": "インジケーターインデックスパターン",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThreatMappingLabel": "インジケーターマッピング",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThreatQueryBarLabel": "インジケーターインデックスクエリ",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThresholdCardinalityFieldLabel": "カウント",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThresholdCardinalityValueFieldLabel": "一意の値",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.fieldThresholdFieldCardinalityFieldHelpText": "カーディナリティを確認するフィールドを選択します",
Expand Down Expand Up @@ -37531,9 +37525,6 @@
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.SavedQueryFormRowLabel": "保存されたクエリ",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.source": "送信元",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.Su.perRuleExecutionWarning": "しきい値ルールタイプでは、ルール実行単位オプションは使用できません。",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchIndexForbiddenError": "インデックスパターンを{ forbiddenString }にすることはできません。特定のインデックスパターンを選択してください。",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchingIcesHelperDescription": "脅威インデックスを選択",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.threatMatchoutputIndiceNameFieldRequiredError": "インデックスパターンが最低1つ必要です。",
"xpack.securitySolution.detectionEngine.createRule.stepDefineRule.thresholdField.thresholdFieldPlaceholderText": "すべての結果",
"xpack.securitySolution.detectionEngine.createRule.stepRuleActions.docsLinkText": "詳細",
"xpack.securitySolution.detectionEngine.createRule.stepRuleActions.invalidMustacheTemplateErrorMessage": "{key}は有効なmustacheテンプレートではありません",
Expand Down Expand Up @@ -38350,7 +38341,6 @@
"xpack.securitySolution.detectionEngine.ruleDescription.relatedIntegrations.integrationsLink": "統合",
"xpack.securitySolution.detectionEngine.ruleDescription.relatedIntegrations.integrationVersion": "Version",
"xpack.securitySolution.detectionEngine.ruleDescription.relatedIntegrations.notInstalledText": "未インストール",
"xpack.securitySolution.detectionEngine.ruleDescription.relatedIntegrations.optionalText": "オプション",
"xpack.securitySolution.detectionEngine.ruleDescription.relatedIntegrations.relatedIntegrationAriaLabel": "統合セレクター",
"xpack.securitySolution.detectionEngine.ruleDescription.relatedIntegrations.relatedIntegrationVersionDependencyAriaLabel": "関連する統合バージョン制約",
"xpack.securitySolution.detectionEngine.ruleDescription.relatedIntegrations.relatedIntegrationVersionDependencyPlaceholder": "Semver",
Expand All @@ -38368,7 +38358,6 @@
"xpack.securitySolution.detectionEngine.ruleDescription.requiredFields.generalWarningDescription": "これはルール実行に影響しませんが、必須フィールドが間違って設定されていることを示している可能性があります。ルールの{source}で指定されたインデックスが存在し、マッピングで想定されたフィールドと型になっていることを確認してください。",
"xpack.securitySolution.detectionEngine.ruleDescription.requiredFields.generalWarningTitle": "一部のフィールドが、ルールの指定されたインデックスパターン内で見つかりません",
"xpack.securitySolution.detectionEngine.ruleDescription.requiredFields.openHelpPopoverAriaLabel": "ヘルプポップオーバーを開く",
"xpack.securitySolution.detectionEngine.ruleDescription.requiredFields.optionalText": "オプション",
"xpack.securitySolution.detectionEngine.ruleDescription.requiredFields.removeRequiredFieldButtonAriaLabel": "必須フィールドを削除",
"xpack.securitySolution.detectionEngine.ruleDescription.requiredFields.requiredFieldsLabel": "必須フィールド",
"xpack.securitySolution.detectionEngine.ruleDescription.requiredFields.validation.fieldNameRequired": "フィード名が必要です",
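Review bot: unrelated to this change but visible in the context line, `requiredFields.validation.fieldNameRequired` reads "フィード名が必要です" ("feed name is required") where "フィールド名" ("field name") is meant; worth a follow-up for the localization team rather than a fix in this PR.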
