[Azure Logs] Replace foreach+set combo with a script processor

[zmoog]

What does this PR do?

Replace the foreach + set processors combo with a single script processor in the ingest pipeline for Azure AD sign-in logs.

Why is it important?

The set processor expands the dots contained in the field name into subfields.

Sometimes attributes contained in authentication_processing_details have dots, for example:

# source
{"key": "a.b.c", "value": true}

In such cases, the set processor would turn it into:

# this is a side-effect
{
  "a": {
    "b": {
      "c": true
    }
  }
}

Instead of:

# this is the expected result
{"a.b.c": True}

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Related issues

• Closes [Filebeat] Azure Signin Module authentication_processing_details Issue #34330

[mergify]

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @zmoog? 🙏.
For such, you'll need to label your PR with:

• The upcoming major version of the Elastic Stack
• The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-02-07T12:53:54.685+0000

• Duration: 71 min 44 sec

Test stats 🧪

Test	Results
Failed	0
Passed	2861
Skipped	172
Total	3033

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[zmoog]

@andrewkroh, the test file test-non-interactive-user-signin.log contains the key Legacy TLS (TLS 1.0, 1.1, 3DES).

However, the "expected" file test-non-interactive-user-signin.log-expected.json content looks correct. I guess the issue is not evident because the document uses "dot notation" for the fields. WDYT?

The integrations repo stores the expected files as a plain JSON document, so this behavior is more visible.