Extend `data.elasticsearch` data source parameters

[traut]

Background

When the number of alerts is high, it is better to rely on Elasticsearch for aggregations instead of in-memory JQ query.

Moreover, to avoid long .hits.hits[]._source prefixes in JQ queries, there should be a control that returns only the hits, not the metadata of the requests.

Design

Add 2 new parameters for the data source:

• aggs -- (optional) map argument, that can be used in the request to Elasticsearch. See the documentation.
• only_hits -- (optional) boolean argument, true by default.
  • If set to false, the raw search response is returned
  • if true, only the hits are returned (response['hits']['hits'])

The data source should

• throw an error when:
  • only_hits is true, aggs attribute is set, while no query_string or query are set -- the response will contain only aggregations but they will not be returned to the data block since only_hits is true, so there will be no data to use.
• show a warning when:
  • aggs attribute is set and only_hits is true -- the response will contain aggregations but they will not be returned to the data block since only_hits is true. Only the query hits will be returned.

[traut]

Similar to https://github.com/blackstork-io/fabric/issues/112, if only_hits is set to false but there are more than one raw response, the plugin should raise an error