fix 400 error on initial signals search (elastic#70618)

### Summary

On initial render of the SIEM pages, a 400 error was showing for POST http://localhost:5601/api/detection_engine/signals/search. This PR is a temporary fix for this bug. This initial call is being used to populate the Last alert text that shows at the top of a number of the pages. The reason the size was 0 is because we weren't interested in the signals themselves, just the timestamp of the last alert. Teamed up with @XavierM and it seems to us that the issue is the server side validation. It may be Hapi misreading the 0 as false or our updated validation not accepting size 0.
# Conflicts:
#	x-pack/plugins/security_solution/public/alerts/components/alerts_info/query.dsl.ts

x-pack/plugins/security_solution/public/alerts/components/alerts_info/query.dsl.ts

@@ -0,0 +1,37 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export const buildLastAlertsQuery = (ruleId: string | undefined | null) => {
+  const queryFilter = [
+    {
+      bool: { should: [{ match: { 'signal.status': 'open' } }], minimum_should_match: 1 },
+    },
+  ];
+
+  return {
+    aggs: {
+      lastSeen: { max: { field: '@timestamp' } },
+    },
+    query: {
+      bool: {
+        filter:
+          ruleId != null
+            ? [
+                ...queryFilter,
+                {
+                  bool: {
+                    should: [{ match: { 'signal.rule.id': ruleId } }],
+                    minimum_should_match: 1,
+                  },
+                },
+              ]
+            : queryFilter,
+      },
+    },
+    size: 1,
+    track_total_hits: true,
+  };
+};