Currently, the ETW input exposes the `match_any_keyword` option to filter events for a specific provider. It works for most use cases and is the filtering mechanism that most users are familiar with.

From Windows 10 1709 onwards, a more advanced approach is available that allows filtering by event ID and other event parameters. See https://learn.microsoft.com/en-us/windows/win32/api/evntprov/ns-evntprov-event_filter_descriptor.

There is also the possibility to filter events once they arrive at the event callback, based on the event fields. However, this option is not optimal, as it requires parsing the events on our end before filtering.
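As an added illustration (not code from the ETW input or from Microsoft's samples), this Go snippet builds the event-ID filter payload that goes into an EVENT_FILTER_DESCRIPTOR, so that filtering happens on the provider side instead of after parsing in the callback. The struct layouts and constants are mirrored from the Windows SDK headers; the function names are hypothetical, and the actual EnableTraceEx2 call is only described in comments so the block compiles on any platform.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"unsafe"
)

// Mirrored from evntprov.h / evntrace.h (Windows 10 1709 and later).
const (
	eventFilterTypeEventID     = 0x80000200 // EVENT_FILTER_TYPE_EVENT_ID
	maxEventFilterEventIDCount = 64         // MAX_EVENT_FILTER_EVENT_ID_COUNT
)

// eventFilterDescriptor mirrors EVENT_FILTER_DESCRIPTOR: pointer to the
// filter payload, its size in bytes and the filter type.
type eventFilterDescriptor struct {
	Ptr  uint64
	Size uint32
	Type uint32
}

// encodeEventIDFilter lays out EVENT_FILTER_EVENT_ID as little-endian bytes:
// BOOLEAN FilterIn; UCHAR Reserved; USHORT Count; USHORT Events[Count].
// filterIn=true keeps only the listed IDs; false drops them and keeps the rest.
func encodeEventIDFilter(filterIn bool, ids []uint16) ([]byte, error) {
	if len(ids) == 0 {
		return nil, fmt.Errorf("event id filter needs at least one id")
	}
	if len(ids) > maxEventFilterEventIDCount {
		return nil, fmt.Errorf("at most %d event ids per filter, got %d", maxEventFilterEventIDCount, len(ids))
	}
	buf := make([]byte, 4+2*len(ids)) // header (4 bytes) + one USHORT per id
	if filterIn {
		buf[0] = 1
	}
	binary.LittleEndian.PutUint16(buf[2:], uint16(len(ids)))
	for i, id := range ids {
		binary.LittleEndian.PutUint16(buf[4+2*i:], id)
	}
	return buf, nil
}

// newEventIDFilterDescriptor wraps the payload for ENABLE_TRACE_PARAMETERS:
// set EnableFilterDesc to this descriptor, FilterDescCount to 1 and Version to
// ENABLE_TRACE_PARAMETERS_VERSION_2, then pass the parameters to EnableTraceEx2
// alongside the keyword mask. The payload must stay alive until that call returns.
func newEventIDFilterDescriptor(payload []byte) eventFilterDescriptor {
	return eventFilterDescriptor{
		Ptr:  uint64(uintptr(unsafe.Pointer(&payload[0]))),
		Size: uint32(len(payload)),
		Type: eventFilterTypeEventID,
	}
}

func main() {
	// Constructed sample: keep only two event IDs from the provider.
	payload, _ := encodeEventIDFilter(true, []uint16{4688, 4689})
	fmt.Printf("payload=% x descriptor=%+v\n", payload, newEventIDFilterDescriptor(payload))
}
```

The filter is applied by the provider before the event reaches the session, so a rejected event is never written to the trace and never has to be parsed by the consumer.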