[Security Solution] Implement query fields diff algorithms

[banderror]

Epics: https://github.com/elastic/security-team/issues/1974 (internal), #174168

Summary

Implement algorithms for diffing and merging changes in RuleKqlQuery, RuleEqlQuery, and RuleEsqlQuery types of fields. It should be applied to:

kibana/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts

Line 119 in 1040bae

kql_query: RuleKqlQuery, // NOTE: new field

kibana/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts

Line 131 in 1040bae

kql_query: RuleKqlQuery, // NOTE: new field

kibana/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts

Line 143 in 1040bae

eql_query: RuleEqlQuery, // NOTE: new field

kibana/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts

Line 157 in 1040bae

esql_query: RuleEsqlQuery, // NOTE: new field

kibana/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts

Line 168 in 1040bae

kql_query: RuleKqlQuery, // NOTE: new field

kibana/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts

Line 185 in 1040bae

kql_query: RuleKqlQuery, // NOTE: new field

kibana/x-pack/plugins/security_solution/common/api/detection_engine/prebuilt_rules/model/diff/diffable_rule/diffable_rule.ts

Line 207 in 1040bae

kql_query: InlineKqlQuery, // NOTE: new field

Context from the Rule Customization RFC:

• Concrete field diff algorithms by type

To do

• Step 1 (separate PR)
  • Implement the algorithm and cover it with unit tests: [Security Solution] Adds diff algorithm and unit tests for query fields #190179
• Step 2 (separate PR)
  • Apply the algorithm to the corresponding rule fields. It will become used in the upgrade/_review endpoint.
  • Write a test plan covering rule upgrade scenarios for the fields to which the algorithm has been applied.
    • [Security Solution] Test plan for query fields diff algorithm #192529
  • Add test coverage according to the test plan (integration tests, primarily?).
    • [Security Solution] Integration tests for query diff algorithms #192655

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

[elasticmachine]

Pinging @elastic/security-detections-response (Team:Detections and Resp)