filebeat,x-pack/filebeat: prevent master=>event.original rename failures

[efd6]

Proposed commit message

Prevent rename of message to event.original failing when event.original
already exists as can be the case when documents are being ingested via
logstash.

This makes the change for all modules listed as owned by security-service-integrations and sec-deployment-and-devices that still exist (some don't) and have this specific rename*. Some modules already make the check or use another already safe mechanism.

Note that tthe cisco umbrella pipeline uses a set processor which will not fail, but would clobber event.original, so it also includes the check.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Disruptive User Impact

Author's Checklist

• [ ]

How to test this PR locally

Related issues

• For Add checks to "RENAME X to event.original" processors across Filebeat module pipelines #38224

Use cases

Screenshots

Logs

[elasticmachine]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

[elasticmachine]

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

[pkoutsovasilis]

lgtm

[mergify]

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b 38224-ssi upstream/38224-ssi
git merge upstream/main
git push upstream 38224-ssi