[EDR Workflows][Osquery] Add shared table toolbar components and redesign saved queries list

[szwarckonrad]

Adds shared table toolbar components and redesigns the saved queries list page behind the queryHistoryRework feature flag.

Shared toolbar components (components/table_toolbar/):

• SelectableFilterPopover — generic multi-select filter
• CreatedByFilterPopover — user filter with avatars from current page data
• EnabledFilterButtons — enabled/disabled toggle (for packs, used in follow-up)
• ColumnPickerPopover — show/hide columns ("Columns: N")
• SortFieldsPopover — sort field + direction picker
• TableToolbar — composed container with two-row layout

Saved queries table redesign (routes/saved_queries/list/):

• EuiBasicTable with server-side pagination, sorting, search, and filtering (replaces EuiInMemoryTable)
• Created-by filter popover with user avatars via useGenericBulkGetUserProfiles
• Column visibility toggling and sort popover
• "Save query" action button in toolbar
• Row actions via kebab menu (edit, duplicate, delete)

Server-side search fix:

• Replaced SO search/searchFields with KQL filter using wildcards — fixes 400 errors on keyword fields (id)
• Uses escapeKuery from @kbn/es-query for proper KQL escaping

Layout cleanup (behind feature flag):

• New/edit saved query pages skip WithHeaderLayout — renders clean layout matching pack pages
• MainNavigation hides title + tabs on sub-routes (new/edit/details)

All changes gated behind queryHistoryRework feature flag — old UI untouched when flag is off.

Closes https://github.com/elastic/security-team/issues/16312
Closes https://github.com/elastic/security-team/issues/16314

565181203-a721fbf7-8638-45a8-8557-abf622c7bb70.mov

[coderabbitai]

Caution

Review failed

An error occurred during the review process. Please try again later.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

CodeRabbit can suggest fixes for GitHub Check annotations.

Configure the reviews.tools.github-checks setting to adjust the time to wait for GitHub Checks to complete.

[elasticmachine]

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

[elasticmachine]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: 9e9ead7

Failed CI Steps

• Jest Tests #4
• Scout: [ security / entity_store ] plugin

Test Failures

• [job] [logs] Jest Tests #4 / SearchBar add filter
• [job] [logs] Scout: [ security / entity_store ] plugin / local-serverless-security_complete - Entity Store Main logs extraction - Should extract properly extract service

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
osquery	582	591	+9

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
osquery	1.3MB	1.3MB	+15.1KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
osquery	45.2KB	45.2KB	+1.0B

cc @szwarckonrad