[Request][ESS] Document advanced setting that allows users to disable ES|QL in ESS

[nastasha-solomon]

Description

ES|QL and related Security features in Timeline and Rules will be enabled by default in 8.14. If users want to disable ES|QL, they can toggle the enableESQL advanced setting off under the General section.

When the enableESQL advanced setting is toggled on (which is its default state):

• The ES|QL tab in Timeline is available
  • The ES|QL option is available in Discover by Platform)
• The ES|QL rule type exists in Rule Creation (Additionally available in Elasticsearch Query Stack rule)

When the enableESQL advanced setting is toggled off:

• The ES|QL tab in Timeline doesn't display
• Users cannot select the ES|QL rule type when creating a new rule

Exceptions that allow backward compatibility:
(The following notes were copied from https://github.com/elastic/security-team/issues/9313)

• If a Timeline was saved prior to disabling ES|QL, these Timelines can be opened with the ES|QL tab available, and a user likewise could save a new Timeline with a modified query (although this seems like a workaround, it is consistent with Discover)
• If an ES|QL rule was created prior to disabling ES|QL, this ES|QL rule can still be enabled and edited in the rule management. Additionally, a user can duplicate and create a new ES|QL rule (although this seems like a workaround, it is consistent with stack rules)

Background & resources

• PRs: [Security Solution] - Security solution ES|QL configurable via advanced setting kibana#181616 [Security Solution] - Rename esql setting kibana#182432
• Issues/metas: https://github.com/elastic/security-team/issues/9313
• Point of contact: @michaelolo24 @paulewing
• Test environments: Will need to use 8.14 BC3

Which documentation set does this change impact?

ESS only

ESS release

8.14

Serverless release

N/A

Feature differences

N/A

API docs impact

N/A

Prerequisites, privileges, feature flags

N/A

[nastasha-solomon]

ESS docs updated.