[FR] Multi-line KQL formatting

[rw-access]

Is your feature request related to a problem? Please describe.
With elastic/kibana#70140, we'll have multi-line support for KQL in Kibana. More complex and/or logic is hard to read on a single line.

Describe the solution you'd like
Some type of auto-formatter for KQL, with the usual ".render()" method. It should be multi-line aware.
Generate something like this (also found a bug here:

detection-rules/rules/linux/defense_evasion_attempt_to_disable_iptables_or_firewall.toml

Line 24 in 46a4008

event.action:(executed or process_started) and (process.name:service and process.args:stop or process.name:chkconfig and process.args:off) and process.args:(ip6tables or iptables or firewalld) or process.name:systemctl and process.args:((firewalld or iptables or ip6tables) and (disable or stop or kill))

This would help us find these bugs better

event.category:process and event.action:(executed or process_started) and (
  (process.name:service and process.args:stop) or
  (process.name:chkconfig and process.args:off) or
  (process.name:systemctl and process.args:(disable or stop or kill))
) and process.args:(ip6tables or iptables or firewalld)