ESQL: Support community_id function

[flash1293]

Description

Support the functionality from https://www.elastic.co/docs/reference/enrich-processor/community-id-processor as part of ESQL as a function

The community_id function would take source ip, source port, destination ip, destination port, iana number, icmp type, icmp code, transport and seed as parameters and return the calculated community id

[elasticsearchmachine]

Pinging @elastic/es-analytical-engine (Team:Analytics)

[nik9000]

Is there a way to phrase NETWORK_DIRECTION as "is this incoming?" I feel like in ESQL this'd be a lot more ergonomic as a boolean. We could keep it as returning a string and optimize comparisons, but that feels less nice.

[flash1293]

makes sense to me, easy enough to turn it into the direction string where necessary

[MattAlp]

It actually appears that we have 4 possible keywords returned by the processor as per

elasticsearch/modules/ingest-common/src/main/java/org/elasticsearch/ingest/common/NetworkDirectionProcessor.java

Lines 146 to 155 in f058fb1

	if (sourceInternal && destinationInternal) {
	return DIRECTION_INTERNAL;
	}
	if (sourceInternal) {
	return DIRECTION_OUTBOUND;
	}
	if (destinationInternal) {
	return DIRECTION_INBOUND;
	}
	return DIRECTION_EXTERNAL;

i.e.

\	destinationInternal
sourceInternal	true	false
true	DIRECTION_INTERNAL	DIRECTION_OUTBOUND
false	DIRECTION_INBOUND	DIRECTION_EXTERNAL

I'll keep parity by having the function return these keywords as well. Auxiliary functions such as isIncoming or isIncoming could be added for filtering results from the network direction function.