Allow custom descriptions for self-nesting reuses

[ebeahan]

Self-nesting fieldsets, such as process.parent or user.effective, user.changes, user.target, reuse the top-level fieldset's short description field. The result is less accurate descriptions included alongside the fieldset names in the Field Reuse section in the ECS docs:

An optional field could be added to the schema definition's reuse section to override the default use of the top-level fieldset's short description.

[webmat]

Thanks for capturing this!

I think also a third column might be useful to add here. The current "Nested fields" column assumes that the name of a field set doesn't change, when nesting. Essentially it captured which fields were being nested (pe), and where (process.pe). Since this can now be decoupled, I think something like this would clarify things a lot:

Nested fields	Location	Description
code_signature	process.code_signature.*	These fields contain information about binary code signatures.
hash	process.hash.*	Hashes, usually file hashes.
process	process.parent.*	Information about the parent process.
pe	process.pe.*	These fields contain Windows Portable Executable (PE) metadata.

And of course the "reuse description override" can optionally be used to clarify some of the less obvious field reuses, including those under a different name, as I demonstrate with process.parent above.