[winlogbeat] Fix UAC translation values

[bhapas]

Few users reported that winlog.event_data.NewUACList shows incorrect translation for the User Access Control values and there is a discrepancy with what is generated from Powershell too.

From the official documentation the values should be https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/4df07fab-1bbc-452f-8e92-7853a3c7e380

• x-pack/winlogbeat/modules/security: fix UAC attribute bit table #37009
• system,windows: fix UAC attribute bit table integrations#8361

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[andrewkroh]

Basically the table at

beats/x-pack/winlogbeat/module/security/ingest/security.yml

Lines 838 to 862 in 48603f7

	# User Account Control Attributes Table
	# https://support.microsoft.com/es-us/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-account-properties
	params:
	"0x00000001": SCRIPT
	"0x00000002": ACCOUNTDISABLE
	"0x00000008": HOMEDIR_REQUIRED
	"0x00000010": LOCKOUT
	"0x00000020": PASSWD_NOTREQD
	"0x00000040": PASSWD_CANT_CHANGE
	"0x00000080": ENCRYPTED_TEXT_PWD_ALLOWED
	"0x00000100": TEMP_DUPLICATE_ACCOUNT
	"0x00000200": NORMAL_ACCOUNT
	"0x00000800": INTERDOMAIN_TRUST_ACCOUNT
	"0x00001000": WORKSTATION_TRUST_ACCOUNT
	"0x00002000": SERVER_TRUST_ACCOUNT
	"0x00010000": DONT_EXPIRE_PASSWORD
	"0x00020000": MNS_LOGON_ACCOUNT
	"0x00040000": SMARTCARD_REQUIRED
	"0x00080000": TRUSTED_FOR_DELEGATION
	"0x00100000": NOT_DELEGATED
	"0x00200000": USE_DES_KEY_ONLY
	"0x00400000": DONT_REQ_PREAUTH
	"0x00800000": PASSWORD_EXPIRED
	"0x01000000": TRUSTED_TO_AUTH_FOR_DELEGATION
	"0x04000000": PARTIAL_SECRETS_ACCOUNT

has the wrong hex numbers. The correct ones are in the table given by Bharat. That needs synced to Fleet system.security and windows.forwarded.