
[DOCS][Rules][Data Views] - Data views available in rule creation flow #1832

@yctercero

Description

Users can specify data views wherever index pattern specification is available in order to take advantage of runtime fields, which are associated with a data view.

Issue: https://github.com/elastic/security-team/issues/2874
PR: elastic/kibana#130929

Acceptance Test Criteria

  • When creating a rule, the user should be able to select a Data View to be used as the source of data
    • Note that this should be in addition to allowing them to select "source index patterns". The ability to select "source index patterns" is still needed because prebuilt rules rely on it.
    • For Indicator Match rules, a user should also be able to select a "Data View" as the indicator data source.
  • After a "Data View" is selected, when entering a "custom query" the user should see runtime fields associated with the "Data View" in the field suggestions.
  • After a "Data View" is selected, when entering an "EQL query" the user should be able to use runtime fields associated with the "Data View" in the EQL editor.
  • After a "Data View" is selected, runtime fields associated with the "Data View" should be available as options for field overrides such as rule name override.
  • When creating a Threshold Rule, the user should be able to select a runtime field as the group by field, if they configured a Data View as the data source.
  • When creating an Indicator Match rule, runtime fields associated with the "Data View" should be available as options for the Indicator mapping field and Indicator index field configurations.
  • When selecting a Data View, the user should have the option or a link to add a new runtime field to their selected Data View, similar to the workflow in Discover.
  • For the "alerts on alerts" scenario, the user should be guided towards using the .alerts Data View so they can take advantage of any runtime fields they may have added.
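The criteria above say a rule reads its source data from either index patterns or a Data View, and that rules which run on alerts should be pointed at the .alerts Data View. The following Python snippet is an added example, not code from this issue or from Kibana: it assembles the data-source part of a detection rule body and checks those two conditions. The rule API field names (`index`, `data_view_id`, `type`, `language`, `query`) are assumed to follow the Kibana detection-engine create-rule request body; the data view id, the runtime field name and the rule values are constructed placeholders.

```python
"""Assemble the data-source part of a Kibana detection rule body.

Assumptions (not taken from the issue): field names follow the Kibana
detection-engine create-rule request body; verify the schema against the
Kibana version in use before relying on it.
"""
import json
from typing import Optional, Sequence

# Placeholder: substitute the real id of the .alerts Data View in your stack.
ALERTS_DATA_VIEW_ID = "<alerts-data-view-id>"


def rule_source(index: Optional[Sequence[str]] = None,
                data_view_id: Optional[str] = None) -> dict:
    """Return the source fields for a rule body.

    Exactly one of `index` (source index patterns) or `data_view_id` is
    accepted: index patterns stay available because prebuilt rules rely on
    them, while a data view brings its runtime fields into the rule.
    """
    if bool(index) == bool(data_view_id):
        raise ValueError("specify exactly one of index patterns or data_view_id")
    if data_view_id:
        return {"data_view_id": data_view_id}
    return {"index": list(index)}


def alerts_on_alerts_hint(index: Sequence[str]) -> Optional[str]:
    """Guidance for the 'alerts on alerts' case from the issue.

    A rule whose source patterns target the alerts indices should use the
    .alerts Data View instead, so runtime fields added there are visible.
    Returns the recommendation, or None when the patterns are not alerts.
    """
    if any(pattern.startswith(".alerts") for pattern in index):
        return (f"source patterns {list(index)} target alerts indices; "
                f"use data_view_id={ALERTS_DATA_VIEW_ID!r} instead")
    return None


def build_query_rule(name: str, query: str, **source) -> dict:
    """Build a minimal (disabled) custom query rule with the given source.

    Values other than the source are constructed placeholders.
    """
    body = {
        "name": name,
        "description": f"{name} (constructed example)",
        "type": "query",
        "language": "kuery",
        "query": query,
        "risk_score": 21,
        "severity": "low",
        "enabled": False,
    }
    body.update(rule_source(**source))
    return body


if __name__ == "__main__":
    # `host.os_family_rt` stands for a runtime field defined on the data view.
    rule = build_query_rule("Runtime field demo",
                            'host.os_family_rt : "linux"',
                            data_view_id="<logs-data-view-id>")
    print(json.dumps(rule, indent=2))
    print(alerts_on_alerts_hint([".alerts-security.alerts-default"]))
```

The mutual-exclusion check mirrors the UI, which lets the user pick either index patterns or a Data View as the source; posting the resulting body to the rules API is left to the caller.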

Notes

  • Be sure to add any necessary screenshots, code text or console commands for clarity.
  • Include any conditions or caveats that may affect customers.
