[Security Solution] Write the rule_source field together with immutable #180141

@jpdjere

Description

Epics: https://github.com/elastic/security-team/issues/1974 (internal), #174168

‼️ Part of critical path ‼️

Summary

As part of our migration strategy to the new schema, we need to start writing the rule_source field together with the immutable field to prepare for data migration. We need to ensure that all our endpoints write the rule_source field before we start migrating detection rules, so we do not end up in a situation where our data is migrated but the rule CRUD endpoints continue writing the old format.

  • This means that when rules are created, the new ruleSource should be initialized from the immutable field and saved to ES.
  • The endpoints that create rules in Elasticsearch and therefore need to adapt to this behavior are:
    • Create Rules - POST /rules
    • Bulk Create Rules - POST /rules/_bulk_create
    • Import Rules - POST /rules/_import
    • (LEGACY) Install Prebuilt Rules And Timelines - PUT /rules/prepackaged
    • Perform Rule Installation - POST /prebuilt_rules/installation/_install
    • Perform Rule Upgrade - POST /prebuilt_rules/upgrade/_perform (creates a new rule when there is a type change)
    • Bulk duplicate
  • The logic for initialization on write should be encapsulated in the new RuleManagementClient abstraction to be created in [Security Solution] RulesManagementClient refactoring. Part 1 #180128
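The dual-write rule described above, as an added example that is not Kibana's code: a single helper that every create path (create, bulk create, import, prebuilt install/upgrade, duplicate) funnels through, so that `rule_source` is always derived from `immutable` and the two are never persisted out of step. The shape of `rule_source` (`{ type: 'internal' }` for user-created rules, `{ type: 'external', is_customized: boolean }` for prebuilt ones), the mapping `immutable: true` → `external`, and the function names are assumptions for illustration; the issue itself does not spell them out.

```typescript
// Added example, not Kibana's own code. Assumed shape of rule_source (not given in the issue):
//   { type: 'internal' }                          for user-created rules (immutable: false)
//   { type: 'external', is_customized: boolean }  for prebuilt rules     (immutable: true)
type RuleSource =
  | { type: 'internal' }
  | { type: 'external'; is_customized: boolean };

// Minimal view of the rule params a create endpoint would persist.
interface RuleParamsOnWrite {
  rule_id: string;
  immutable: boolean;
  rule_source?: RuleSource;
}

// Derive the new field from the legacy one. A freshly written prebuilt rule is
// assumed not to be customized yet (is_customized: false).
function ruleSourceFromImmutable(immutable: boolean): RuleSource {
  return immutable ? { type: 'external', is_customized: false } : { type: 'internal' };
}

// Both fields must agree. During the dual-write period a mismatch means some
// code path wrote only one of them, which is exactly what the migration must not meet.
function isConsistent(params: RuleParamsOnWrite): boolean {
  if (params.rule_source === undefined) return false;
  return (params.rule_source.type === 'external') === params.immutable;
}

// Normalize params before writing to ES: fill in rule_source when a caller still
// supplies only immutable, and reject records where the two disagree.
function withRuleSource(params: RuleParamsOnWrite): Required<RuleParamsOnWrite> {
  const rule_source = params.rule_source ?? ruleSourceFromImmutable(params.immutable);
  const normalized = { ...params, rule_source };
  if (!isConsistent(normalized)) {
    throw new Error(
      `rule ${params.rule_id}: immutable=${params.immutable} disagrees with rule_source.type=${rule_source.type}`
    );
  }
  return normalized;
}

// Constructed sample inputs: a custom rule and a prebuilt rule, both arriving in
// the old single-field format, plus an inconsistent record that must be rejected.
const customRule = withRuleSource({ rule_id: 'custom-1', immutable: false });
const prebuiltRule = withRuleSource({ rule_id: 'prebuilt-1', immutable: true });

function rejectsMismatch(): boolean {
  try {
    withRuleSource({ rule_id: 'bad-1', immutable: true, rule_source: { type: 'internal' } });
    return false;
  } catch (_e) {
    return true;
  }
}
```

Centralizing the derivation in one place (the RuleManagementClient mentioned above) is what makes the check meaningful: if each endpoint computed `rule_source` on its own, a single path that forgot to would reintroduce the mixed-format data the migration is trying to avoid.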
