EQL: add support for partial results

[sophiec20]

Description

Description

Allow a query to not fail on a shard failure. Similar to the _search API option to allow_partial_search_results.

This is required for EQL SIEM rules which sometimes run against index patterns which encompass frozen. If frozen tier is unavailable, this causes the rule to fail. However it should return partial results from the indices which are available and which contain relevant data.

Matching request for ES|QL #111518

[elasticsearchmachine]

Pinging @elastic/es-analytical-engine (Team:Analytics)

[yctercero]

@luigidellaquila just want to confirm that partial results would not be available as a default?

We'll want to add logic on our end to allow partial results for non-sequence queries and determine how we want to set the rule to a warning/failure state.

[luigidellaquila]

@yctercero we don't have technical constraints (apart from bwc), so we can chose.

Practically, I think we should maintain current default behavior (ie. no partial results) and have options to override it, per query (eg. with a query parameter) or at cluster level (with a cluster setting).

A few more details here (please consider the PR as a draft, we can still completely change it)