[Security Solution][Alerts] Rule exception preview

[e40pud]

Rule preview now provides users with a reliable way to assess how a rule will perform before creating a rule or before saving changes when editing a rule. Rule preview when editing a rule takes into account any exceptions that have already been added to the rule. However, when creating a new exception users don't have a good way to quickly verify if the exception will suppress new alerts the way they intend.

Discussion

In the original ticket we proposed two UX changes. We addressed the mapping issues in this PR.

The intention of this ticket is to cover the second part of the original ticket:

Extend the rule preview API to accept ephemeral exception items, separately from the standard rule schema that includes exception list IDs, so we can preview what the rule would do with an exception item without actually creating the exception. We could then add a preview capability in the "Add Rule Exception" flyout with either a full table of preview results, a summary of statistics about the preview results (alerts created, or a histogram, etc), or maybe 2 tables side-by-side comparing how the rule executes with/without the exception.

Related epic.

cc @marshallmain

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[e40pud]

@ARWNightingale We would need your help with this one to understand how we could re-use Rule Preview component from the Rule creation/editing page on "add rule exception" page.

[ARWNightingale]

Discussed yesterday in backlog grooming and it was deemed to be out of scope/lower priority for 8.8.