elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Security Solution][Detection Engine] Detection rules should use dataViewLazy to reduce field caps data transfer #189113

Open mattkime opened 2 months ago

mattkime commented 2 months ago

Parent issue: https://github.com/elastic/security-team/issues/10106

This is a continuation of the work in https://github.com/elastic/kibana/pull/184890

New terms, threshold, and indicator match rules still load fieldCaps for all fields on every rule execution. We should look into new terms and threshold next as they are more common rules than indicator match, and they should be simpler to fix than indicator match.

Once new terms and threshold are fixed, we should look at IM rules and check for any other places where we can reduce field caps usage.

The offending logic is https://github.com/elastic/kibana/blob/main/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/create_security_rule_type_wrapper.ts#L340-L353

elasticmachine commented 2 months ago

Pinging @elastic/security-detection-engine (Team:Detection Alerts)

yctercero commented 1 week ago

Related: https://github.com/elastic/kibana/issues/187059