[System/Windows/Winlog] Document 21 Event ID clause limit under certain situations

[taylor-swanson]

What does this PR do?

• Add documentation around case where the event ID clause limit is lower than what is claimed by current docs.
• Add additional documentation for workaround when event ID clause limit is exceeded.
• Formatting and cleanup per elastic-package

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• [ ] I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

Related issues

• Closes [System/Windows/Winlog] Document 21 Event ID clause limit under certain situations #5835

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-04-10T17:51:29.045+0000

• Duration: 17 min 36 sec

Test stats 🧪

Test	Results
Failed	0
Passed	276
Skipped	0
Total	276

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

[elasticmachine]

🌐 Coverage report

Name	Metrics % (covered/total)	Diff
Packages	100.0% (7/7)	💚
Files	91.667% (11/12)	❕
Classes	91.667% (11/12)	❕
Methods	72.832% (126/173)	❕
Lines	95.033% (7883/8295)	❕
Conditionals	100.0% (0/0)	💚

[elasticmachine]

Package system - 1.25.3 containing this change is available at https://epr.elastic.co/search?package=system

[elasticmachine]

Package windows - 1.19.2 containing this change is available at https://epr.elastic.co/search?package=windows

[elasticmachine]

Package winlog - 1.13.1 containing this change is available at https://epr.elastic.co/search?package=winlog