[winlog] Support xml_query as a configuration option

[andrewkroh]

Enhancement request

Make it possible to use the xml_query^1 configuration option with the custom winlog input. You cannot use the custom option because xml_query is mutually exclusive with name (as well as event_id, ignore_older, level, and provider).

Use case

There are complex queries that cannot be expressed using the available configuration options. So it should be possible to provide an XML query.

[elasticmachine]

Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)