[Security Solution] Add source_updated_at field to PrebuiltRuleAsset

[banderror]

Epic: #174168
Related to: elastic/detection-rules#2826

Summary

We're going to add a new optional field source_updated_at to prebuilt rule assets (saved objects of type security-rule) we ship via the package with prebuilt rules. The TRADE team is working on it as part of elastic/detection-rules#2826.

Here's an example of this field for the Linux Restricted Shell Breakout via Linux Binary(s) prebuilt rule asset:

{
  "security-rule": {
    "rule_id": "52376a86-ee86-4967-97ae-1a05f55816f0",
    "name": "Linux Restricted Shell Breakout via Linux Binary(s)",
    "description": "Identifies the abuse of a Linux binary to break out of a restricted shell or environment by spawning an interactive system shell. The activity of spawning a shell from a binary is not common behavior for a user or system administrator, and may indicate an attempt to evade detection, increase capabilities or enhance the stability of an adversary.",
    "type": "eql",
    "language": "eql",
    "index": ["logs-endpoint.events.*"],
    // other rule fields...
    "version": 112,
    "elastic_update_date": "2024-01-29T00:00:00.000Z"
  },
  // core saved object fields...
}

This field should be optional in the PrebuiltRuleAsset schema.

The field's value will be a string formatted in the standard ISO datetime format, so the schema should probably be z.string().datetime() or something like that. Time of the day is not required and can be set to T00:00:00.000Z.

See also requirements for the package itself: elastic/detection-rules#2826 (comment).

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/security-detections-response (Team:Detections and Resp)

[elasticmachine]

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)