elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Security Solution] Assign proper diff algorithms to all rule fields #148191

Open banderror opened 1 year ago

banderror commented 1 year ago

Epics: https://github.com/elastic/security-team/issues/1974 (internal), https://github.com/elastic/kibana/issues/174168

Related to: https://github.com/elastic/kibana/pull/144060

Summary

In the Rule Customization RFC, we proposed different concrete diff algorithms for different types of rule fields. The goal of concrete diff algorithms is to improve the rule upgrade UX by trying to auto-merge user customizations with updates from Elastic.

Once the following algorithms are developed and assigned to a subset of rule fields (single-line string, multi-line string, number, array of objects, array of scalar values), we will need to review all the rule fields we have, which algorithms are used for which fields, and whether there are any gaps.

For example, we might need to:

The end goal is to have all the rule fields assigned a proper diff algorithm.

Prior art

elasticmachine commented 1 year ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)

elasticmachine commented 1 year ago

Pinging @elastic/security-solution (Team: SecuritySolution)