[DOCS] Host and user risk score alert enrichments

[nkhristinin]

Related: #2477
PR (has video demo): elastic/kibana#139478

Description

As part of the host/user risk score, all alerts which have a match by host.name or user.name will be enriched with risk.* fields while creating.

For platinum users:

• Alert table will have 2 more fields host.risk.calculated_level and user.risk.calculated_level by default. User can add host.risk.calculated_score_norm and user.risk.calculated_score_norm to the table

For alert flyout:
For user and host risk score enrichments:

• Real-time enrichment will be shown as Current host risk classification or Current user risk classification
• If real-time enrichment is different from the enrichment at ingest time we also show a row with Original host risk classification

[nastasha-solomon]

Term definitions:

• Enrichment at ingest time: This is the “original” user or host risk score is written to the risk index (ml_host_risk_score_latest_<Kibana-space> and ml_user_risk_score_latest_<Kibana-space>) after the risk score is generated. This risk score doesn't display unless the real-time risk score is different from the risk score at ingest time. In this situation, the original risk score is shown in the Original host risk classification field and appears beneath the current risk score, which is represented in the Current host risk classification field.
• Real-time enrichment: This is the "current" risk score. This risk score is retrieved whenever a user opens the alert details flyout. If real-time (current) risk score remains the same as the risk score at ingest time, the risk score continues to be represented in the Current host risk classification field.

Additional misc. notes:

• The user risk score also displays on the alert details flyout and uses similar fields to convey risk score (i.e., the Original user risk classification field and the Current user risk classification field)
• After users enable the host and user risk score features, risk scores are calculated for the user/host and then written to a risk index (ml_host_risk_score_latest_<Kibana-space> and ml_user_risk_score_latest_<Kibana-space>). The Security app then queries these risk indices to find host.name or user.name values that match the host/user name values in the alert being viewed. If a match exists, the risk score is written to the alert's document and displayed in the alert details flyout.