[Alert Summaries] [BE] Move “Notify When” and throttle from rule to action #143368

Closed
Tracked by #143200
ersin-erdal opened this issue Oct 14, 2022 · 2 comments · Fixed by #144130
Labels
Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)

ersin-erdal commented Oct 14, 2022

Meta: #143200

As preparation for the Alert Summaries feature, we need to move the notify_when and throttle fields from the rule object to each action in the rule.

For the sake of backward compatibility, we would like to keep the existing notify_when and throttle fields as well.

  • Deprecate notify_when and throttle
  • Make notify_when and throttle optional
  • On edit / create: allow global or per-action configurations only (no mix and match, no defaults)
  • Store null in notify_when and throttle when per-action configs are used
  • On read: pass through the values from the SO (with possible null global values)
  • UI should do per-action config and move away from global settings (set them to null) [This is for the FE issue but is worth mentioning here as well]
  • Per-action config is optional at the HTTP layer at this time (but would have to provide global, otherwise we fail to validate)

Current and recommended schemas:
https://docs.google.com/document/d/1NibS2eQXsYkNPz0UkpqIkqUA-6CFrdpJu2vvsBtUwNM/edit

This issue relates to the following functional specifications (#143200): 2.
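
One way the create/edit rules in the list above could be enforced, as an added TypeScript example that is not part of the issue or of Kibana's code. The type names, the `normalizeRuleFrequency` function and the fields inside `frequency` are assumptions, since the linked schema document is not reproduced on this page:

```typescript
// Added illustration, not Kibana code. The shape of `frequency` is assumed.
interface ActionFrequency {
  notify_when: string;
  throttle: string | null;
}
interface RuleAction {
  id: string;
  frequency?: ActionFrequency;
}
interface RuleInput {
  notify_when?: string | null;
  throttle?: string | null;
  actions: RuleAction[];
}
interface StoredRule {
  notify_when: string | null;
  throttle: string | null;
  actions: RuleAction[];
}

// Validate on create/edit and return what would be stored in the saved object.
function normalizeRuleFrequency(input: RuleInput): StoredRule {
  const hasGlobal = input.notify_when != null || input.throttle != null;
  const perAction = input.actions.filter((a) => a.frequency !== undefined);

  // No mix and match: rule-level and per-action settings are mutually exclusive.
  if (hasGlobal && perAction.length > 0) {
    throw new Error('rule-level notify_when/throttle cannot be combined with per-action frequency');
  }
  // No defaults: without rule-level values, every action must carry its own.
  if (!hasGlobal && perAction.length !== input.actions.length) {
    throw new Error('actions without frequency require rule-level notify_when/throttle');
  }
  // Per-action configs store null globally; otherwise pass the values through.
  return {
    notify_when: hasGlobal ? (input.notify_when ?? null) : null,
    throttle: hasGlobal ? (input.throttle ?? null) : null,
    actions: input.actions,
  };
}
```
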

banderror commented Nov 7, 2022

Hi @ersin-erdal, after reviewing #144130 I've got a few questions on deprecating the two attributes on the rule level.

> Deprecate notify_when and throttle
> UI should do per-action config and move away from global settings (set them to null) [This is for the FE issue but is worth mentioning here as well]

What is the planned timeline for deprecating these two attributes, then migrating solutions to the action-level frequency objects, and finally removing support for rule-level attributes?

For Security Solution, removing support for them would be a breaking change since we expose them in the request and response parameters of the Detections API endpoints, and we also support them in our export and import rule endpoints.

@banderror

cc @XavierM
