mimecast: data streams' fields are all directly under `mimecast.*`

[efd6]

With the exception of the newly added message release logs data stream, all the mimecast data stream place their custom fields directly under the mimecast.* group. We should consider moving these to mimecast.<datastream>.* for each. This would be a breaking change since users may be using those fields for current rules and so on.

ref: #10732

[elasticmachine]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)