[EDR Workflows] Add matches capabilities to Endpoint Exception creation (#166002)
## Summary
This PR adds `matches` (`wildcard include`) and `does not match`
(`wildcard exclude`) to fields which support them when creating an
Endpoint exception.
For backwards compatibility with Endpoints < 8.2.0, Manifest Manager
adds the following entry to Endpoint Exceptions containing _only_
wildcards:
```json
{
  "field": "event.module",
  "operator": "included",
  "type": "exact_cased",
  "value": "endpoint"
}
```
> [!Note]
> Warnings for wrongly formatted wildcards don't seem to work correctly
> at the moment. #170495 will bring some changes in the related functions,
> so this PR is waiting on that to be merged.
## Sample manifests
### Linux
⚠️ On Linux, the type is always `wildcard_cased`, see the following
comment for details:
https://github.com/elastic/kibana/pull/120349#issuecomment-989963682
```json
{
  "entries": [
    {
      "type": "simple",
      "entries": [
        {
          "field": "file.path",
          "operator": "included",
          "type": "wildcard_cased",
          "value": "*/test/*"
        },
        {
          "field": "event.module",
          "operator": "included",
          "type": "exact_cased",
          "value": "endpoint"
        }
      ]
    }
  ]
}
```
### Windows
```json
{
  "entries": [
    {
      "type": "simple",
      "entries": [
        {
          "field": "file.path",
          "operator": "included",
          "type": "wildcard_caseless",
          "value": "*/test/*"
        },
        {
          "field": "event.module",
          "operator": "included",
          "type": "exact_cased",
          "value": "endpoint"
        }
      ]
    }
  ]
}
```
### Checklist
Delete any items that are not applicable to this PR.
- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
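
The backward-compatibility rule and the per-OS wildcard types from the summary and sample manifests above, as an added TypeScript sketch that is not Kibana's own code. `UiCondition`, `toManifestEntry` and `buildSimpleEntry` are hypothetical names, and the caseless type for exact values on Windows is an assumption the page does not state.

```typescript
// Manifest entry shape, following the sample manifests above.
type EntryType = 'exact_cased' | 'exact_caseless' | 'wildcard_cased' | 'wildcard_caseless';
interface ManifestEntry {
  field: string;
  operator: 'included' | 'excluded';
  type: EntryType;
  value: string;
}
type Os = 'linux' | 'windows';

// Hypothetical UI-side condition: 'wildcard' covers "matches" / "does not match".
interface UiCondition {
  field: string;
  operator: 'included' | 'excluded';
  kind: 'match' | 'wildcard';
  value: string;
}

// Entry added for Endpoints < 8.2.0 when an exception holds only wildcards.
const COMPAT_ENTRY: ManifestEntry = {
  field: 'event.module',
  operator: 'included',
  type: 'exact_cased',
  value: 'endpoint',
};

function toManifestEntry(c: UiCondition, os: Os): ManifestEntry {
  // Linux is always cased (stated on the page for wildcards).
  // Assumption: exact values on Windows use the caseless variant as well.
  const suffix = os === 'linux' ? 'cased' : 'caseless';
  const type = (c.kind === 'wildcard' ? `wildcard_${suffix}` : `exact_${suffix}`) as EntryType;
  return { field: c.field, operator: c.operator, type, value: c.value };
}

function buildSimpleEntry(conds: UiCondition[], os: Os): { type: 'simple'; entries: ManifestEntry[] } {
  const entries = conds.map((c) => toManifestEntry(c, os));
  // An empty list satisfies every(), so require at least one condition
  // before treating the exception as "only wildcards".
  const onlyWildcards = conds.length > 0 && conds.every((c) => c.kind === 'wildcard');
  if (onlyWildcards) {
    entries.push({ ...COMPAT_ENTRY });
  }
  return { type: 'simple', entries };
}

// Constructed sample input mirroring the `*/test/*` manifests above.
const sample: UiCondition[] = [
  { field: 'file.path', operator: 'included', kind: 'wildcard', value: '*/test/*' },
];
console.log(JSON.stringify({ entries: [buildSimpleEntry(sample, 'windows')] }, null, 2));
```
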