[Winlogbeat] Fix AccessList & AccessMask processing in security data_stream

[leehinman]

What does this PR do?

• According to MS documentation examples AccessList contains a space
  separated list of access masks and AccessMask contains an integer.
• Retain old behavior if AccessMask contains a space separated
  list of access masks
• Add new code to parse AccessList as space separated list of
  access masks
• Add new code to parse AccessMask if an integer

Why is it important?

Sometimes AccessList and AccessMask were parsed incorrectly

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
  - [ ] I have made corresponding changes to the documentation
  - [ ] I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

cd x-pack\winlogbeat\module\security\test
go test -v

Related issues

• Relates [System] Fix AccessList & AccessMask processing in security data_stream integrations#2156

[mergify]

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b windows_4663 upstream/windows_4663
git merge upstream/master
git push upstream windows_4663

[mergify]

This pull request does not have a backport label. Could you fix it @leehinman? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-v./d./d./d is the label to automatically backport to the 7./d branch. /d is the digit

NOTE: backport-skip has been added to this pull request.

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[mergify]

This pull request does not have a backport label. Could you fix it @leehinman? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-v./d./d./d is the label to automatically backport to the 7./d branch. /d is the digit

NOTE: backport-skip has been added to this pull request.

[andrewkroh]

LGTM

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2021-11-19T17:30:50.662+0000

• Duration: 57 min 52 sec

• Commit: b3d6698

Test stats 🧪

Test	Results
Failed	0
Passed	883
Skipped	0
Total	883

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)