[Discover][Alerting] Allow creating the new advanced Elasticsearch query alert in Management

[kertal]

With the merge of #131688 it became possible to create and edit the new advanced Elasticsearch query alert in Discover, so you can make use of data view, query and filters to create an alert rule. In the current implementation this is just possible in Discover. This is because we implemented this new feature iteratively. Now that also editing is possible, there's no reason left why not to create this enhanced Elasticsearch query alert in Stack Management. Currently when creating the alert in stack management it's just possible to use the Elasticsearch query DSL:

So the following should be implemented. In Stack management, once the user selected Elasticsearch query, in the following screen there should be a mandatory selection why type of query the users prefers:

• KQL or Lucene - Make use of a data view, write the query using KQL or Lucene and add filters.
• Query DSL - Make use of the powerful Query DSL of Elasticsearch.

Depending on the choice of the user, the interface of * KQL or Lucene or Query DSL would be displayed. We wouldn't support the change of the query after selection.

That's how it could look like:

And here's where the implementation would start:

kibana/x-pack/plugins/stack_alerts/public/alert_types/es_query/expression/expression.tsx

Lines 57 to 72 in bc31053

	return (
	<>
	{hasExpressionErrors && (
	<>
	<EuiCallOut color="danger" size="s" title={expressionErrorMessage} />
	<EuiSpacer />
	</>
	)}
	{isSearchSource ? (
	<SearchSourceExpressionMemoized {...props} ruleParams={ruleParams} />
	) : (
	<EsQueryExpression {...props} ruleParams={ruleParams} />
	)}
	</>
	);

[elasticmachine]

Pinging @elastic/kibana-data-discovery (Team:DataDiscovery)

[kertal]

FYI @gchaps for wording, FYI @andreadelrio for design, FYI @timductive for managing, FYI @VijayDoshi for product, FYI @gmmorris for awareness

[jughosta]

Do we want to replace index selection with data view selection also for Query DSL view?

With index selection user does not have to have a created data view. But they would need to remember which indices and time field to pick:

Current data view selection lists all existing data views but does not allow to create new data views:

[kertal]

Do we want to replace index selection with data view selection also for Query DSL view?

@jughosta this would currently break functionality, since users can add any index here. But it it would be nice if users could choose. With the introduction of Ad-hoc data view we will have more options here, so users could do both ... use a data view OR provide an index pattern. So we could do this in a later step