[Security Solution] Rule filters: strict schema

[banderror]

Epic: https://github.com/elastic/kibana/issues/138606 Related to: https://github.com/elastic/kibana/issues/147441

Summary

Currently, query filters stored in rules of selected types are typed as an array of t.unknown values which allows a user to store anything in there via the API.

https://github.com/elastic/kibana/blob/47ad5edece1bff8743962a090bab3f5050e0f7b2/x-pack/plugins/security_solution/common/detection_engine/rule_schema/model/common_attributes/misc_attributes.ts#L100-L105

For example, for the Custom Query rules, filters are defined here:

https://github.com/elastic/kibana/blob/47ad5edece1bff8743962a090bab3f5050e0f7b2/x-pack/plugins/security_solution/common/detection_engine/rule_schema/model/rule_schemas.ts#L303

https://github.com/elastic/kibana/blob/47ad5edece1bff8743962a090bab3f5050e0f7b2/x-pack/plugins/security_solution/server/lib/detection_engine/rule_schema/model/rule_schemas.ts#L175

If a user stores an invalid value instead of a valid instance of a filter model, it might break both the UI (e.g. rule Creation and Details pages) and the BE logic (rule executors).

Let's implement a strict io-ts schema for filters and validate them on-write.

To do

Let's do the following:

• Figure out what is the model of the filters we use. Find existing TypeScript types for it, find existing validation functions.
• Implement a strict io-ts schema for a filter and replace t.unknown with it in RuleFilterArray.
• Consider handling (potentially invalid) values already stored in filters. We could try to make sure whatever filters we return from the API are valid objects. Options could be: do an on-read validation or normalization, implement a rule migration,...

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)