elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

Possibility to assign more detailed permissions for detection rules #190399

Open graue-Eminenz opened 1 month ago

graue-Eminenz commented 1 month ago

Describe the feature: It should be possible to restrict a user role so that it can create detection rules but is not allowed to enable them, in order to enforce a four-eyes principle for detection rules.

Describe a specific use case for the feature: We have a requirement that an analyst can create a detection rule, but that it must be checked by an engineer before activation and optimized if necessary.

However, it happens again and again that an analyst creates a detection rule and then accidentally activates it with "save and enable".

We would like to prevent this. :)

elasticmachine commented 1 month ago

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)