
Add OCSF schema support to SSH check integration #22497

Open
nbeckstead-ddog wants to merge 8 commits into master from nbeckstead/ssh-ocsf

Conversation


@nbeckstead-ddog nbeckstead-ddog commented Feb 2, 2026

What does this PR do?

This PR adds OCSF attributes to sshd logs. It also adjusts the pipeline to extract the user during attempts to authenticate as an invalid user, which is common during brute-force attempts. Remake of #22025

Staging logs can be viewed with this query.

Motivation

Writing SIEM detections on ssh logs.

Review checklist (to be filled by reviewers)

  • Feature or bugfix MUST have appropriate tests (unit, integration, e2e)
  • Add the qa/skip-qa label if the PR doesn't need to be tested during QA.
  • If you need to backport this PR to another branch, you can add the backport/<branch-name> label to the PR and it will automatically open a backport PR once this one is merged
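As an added example (not the PR's pipeline code), here is a minimal sshd-to-OCSF Authentication mapper that pulls the username out of both "Invalid user" line shapes sshd emits during brute-force attempts, derives type_uid rather than copying it, and checks the required attributes the validator later complained about. Assumptions: the OCSF numbering (category 3, class 3002, activity 1 = Logon, status 1/2) is taken from the public schema as I know it, and the log lines are constructed.

```python
import re

# OCSF Authentication class ids (assumption: from the public OCSF schema, not the PR's pipeline).
CATEGORY_UID = 3       # Identity & Access Management
CLASS_UID = 3002       # Authentication
ACTIVITY_LOGON = 1
STATUS_SUCCESS, STATUS_FAILURE = 1, 2
REQUIRED = ("category_uid", "class_uid", "activity_id", "type_uid", "status_id")

# Constructed sshd lines (not from the PR); the empty-username line is a real sshd edge case.
SAMPLE_LINES = [
    "Feb  2 10:15:01 host1 sshd[1234]: Invalid user admin from 203.0.113.5 port 51234",
    "Feb  2 10:15:03 host1 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2",
    "Feb  2 10:15:09 host1 sshd[1250]: Invalid user  from 203.0.113.5 port 51240",
    "Feb  2 10:16:10 host1 sshd[1300]: Accepted publickey for alice from 198.51.100.7 port 40000 ssh2",
    "Feb  2 10:20:00 host1 sshd[1400]: Connection closed by 203.0.113.5 port 51234",
]

SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Invalid user|Failed \w+ for|Accepted \w+ for) "
    r"(?P<invalid>invalid user )?(?P<user>\S*) from (?P<ip>[0-9a-fA-F.:]+) port (?P<port>\d+)"
)

def to_ocsf(line):
    """Map one sshd line to an OCSF Authentication event, or None if it is not one."""
    m = SSHD_RE.search(line)
    if m is None:
        return None
    outcome = m.group("outcome")
    invalid_user = outcome == "Invalid user" or m.group("invalid") is not None
    return {
        "category_uid": CATEGORY_UID,
        "class_uid": CLASS_UID,
        "activity_id": ACTIVITY_LOGON,
        # Derived, not copied: class_uid * 100 + activity_id. Leaving it out is exactly
        # the "Required attribute type_uid is missing" failure the validator reports.
        "type_uid": CLASS_UID * 100 + ACTIVITY_LOGON,
        "status_id": STATUS_SUCCESS if outcome.startswith("Accepted") else STATUS_FAILURE,
        "user": {"name": m.group("user")},
        "src_endpoint": {"ip": m.group("ip"), "port": int(m.group("port"))},
        # No standard field says "account does not exist", so it goes under unmapped.
        "unmapped": {"invalid_user": invalid_user, "sshd_outcome": outcome},
    }

def missing_required(event):
    """Required OCSF attributes absent from the event (empty tuple means valid)."""
    return tuple(k for k in REQUIRED if k not in event)

def parse_lines(lines):
    """Convert a batch of sshd lines, dropping lines that are not authentication events."""
    return [ev for ev in map(to_ocsf, lines) if ev is not None]
```

A detection on the resulting events (many status_id 2 with invalid_user true from one src_endpoint.ip) is the brute-force signal the PR description refers to.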

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: da55367c5e



github-actions bot commented Feb 3, 2026

⚠️ Recommendation: Add qa/skip-qa label

This PR does not modify any files shipped with the agent.

To help streamline the release process, please consider adding the qa/skip-qa label if these changes do not require QA testing.

nbeckstead-ddog added the qa/skip-qa label (Automatically skip this PR for the next QA) and removed the assets/no-dry-run label (Run asset publishing github checks in staging) on Feb 3, 2026

nbeckstead-ddog (Author) commented

Validation errors. type_uid does exist in the actual logs.

INFO:root:Error messages: {
  "Required attribute \"type_uid\" is missing.": 5
}
