[Fleet] Add rename message processor validation

[jillguyonnet]

What does this PR do?

This PR adds the following validation rule for ingest pipeline processors.

If an ingest pipeline contains a rename processor with field: message and target_field: event.original, then:

• the rename processor should also contain if: 'ctx.event?.original == null'
• there should also exist a remove processor with field: message

Examples

Valid pipeline definition:

processors:
    - rename:
        field: message
        target_field: event.original
        if: 'ctx.event?.original == null'
    - remove:
        field: message

Invalid pipeline definition:

processors:
    - rename:
        field: message
        target_field: event.original
        # missing `if: 'ctx.event?.original == null'`
    - remove:
        field: message

Invalid pipeline definition:

processors:
    - rename:
        field: message
        target_field: event.original
        if: 'ctx.event?.original == null'
    # missing remove processor

Skipping validation

The validation error has the JSE00001 error code that allows packages to skip it (cf. skip_pipeline_rename_validation test package).

Why is it important?

There is an existing issue for integrations using a rename processor when the target field already exists: elastic/integrations#3451 (comment). This validation aims to check that no field called event.original exists if there is a rename processor that renames message to event.original (what was done in elastic/integrations#7026).

Additional changes

• Enhanced error message transforming with regex
• Custom error code based on error message regex

Checklist

• I have added test packages to test/packages that prove my change is effective.
• I have added an entry in spec/changelog.yml.

Related issues

• Closes Add new validation rule to avoid rename processor without checking event.original #583