[Security Solution][Detections]Update detection alert mappings to ECS…

… 1.9 (#97573) (#97682)

* adds snapshot test for getSignalsTemplate

* [CTI] Extracts non-ecs, non-signal mappings to separate file

* adds updated ECS mappings

* Normalize/clean up various mappings files

* Adds a wrapping "mappings.properties" around our extra mappings
* Spreads our other mappings similarly to ECS mappings
* Moves dynamic: false out of ECS mappings and into our main template
* Ensures we include 'threat.properties.indicator', since that's where
  our 'type: nested' declaration resides

* Update ECS mappings snapshot post-1.9 updates

This updated snapshot reflects the mappings changes that one will receive when
migrating/rolling over to a 7.13 alerts index.

* Update signals template version as per guidelines.

The last released mappings update was #92928, which bumped from 24 ->
25. The few unreleased updates since then have increased this by 1, but
since these changes are going out with 7.13 we are bumping by 10 _since
the last release_, in order to give "room" for minor releases.

* Fix cypress test failure due to updated mappings

This magic number represents "the number of mapped fields that begin
with 'host.geo.c' and, because this PR adds a mapping for
host.geo.continent_code, the test needed to be updated.

Co-authored-by: Ece Ozalp <ozale272@newschool.edu>

Co-authored-by: Ryland Herrick <ryalnd@gmail.com>
Co-authored-by: Ece Ozalp <ozale272@newschool.edu>

x-pack/plugins/security_solution/cypress/integration/timelines/fields_browser.spec.ts

@@ -111,7 +111,7 @@ describe('Fields Browser', () => {
 
       filterFieldsBrowser(filterInput);
 
-      cy.get(FIELDS_BROWSER_SELECTED_CATEGORY_COUNT).should('have.text', '4');
+      cy.get(FIELDS_BROWSER_SELECTED_CATEGORY_COUNT).should('have.text', '5');
     });
   });