[ResponseOps] improve `query-result-out-of-time-range` message in ES Query rule

[pmuellr]

The ES Query rule type has some processing to try to catch the case where it is returning documents outside the time range being searched for, as part of investigating https://github.com/elastic/kibana/issues/175980:

https://github.com/elastic/kibana/blob/4ad25cf88df179334db72a593d05ff5bc0e3eb3e/x-pack/plugins/stack_alerts/server/rule_types/es_query/executor.ts#L259-L267

There are a few problems with this:

• it's testing with the source time field, but should be using the value from fields for the time field instead. The source field can be all sorts of wacky formats, the fields value seems to be an ISO date
• we don't need anything from the doc but the source time field, and the fields time field (as noted above)
• in general, you can't "eyeball" this at all (not human readable), but should be machine readable (scriptable)
• for searchSource (KQL) flavor, the field timeField seems like it will generally be filled in, but is in fact not used (time field is saved in the data view), and I've seen cases where the rule's timeField is different than what the data view uses)

Suggestions:

• extract the time fields from the query ; start and stop of the range, plus the optional one added when you exclude matches from previous runs
• have the comparison use the fields time, not source time
• print all four time fields, range start, range end, fields time, exclude matches date, source time - will be "lined up" nicely for humans, followed by the query, doc not required
• arrange to get the time field from the data view for searchSource type, rather than use the rule's field

[elasticmachine]

Pinging @elastic/response-ops (Team:ResponseOps)