[Security Solution] Add telemetry query configuration for timelines (#233771)

## Summary

- Add telemetry.queryConfig schema to server config
- Implement TelemetryQueryConfiguration interface with pageSize,
maxResponseSize, and maxCompressedResponseSize
- Add query configuration management to TelemetryConfigurationDTO
- Update timeline telemetry tasks to use configurable query parameters
- Add comprehensive test coverage for configuration functionality
- Set sensible defaults: pageSize=500, maxResponseSize=10MB,
maxCompressedResponseSize=8MB

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [ ] Review the [backport
guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)
and apply applicable `backport:*` labels.

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: Elastic Machine <[email protected]>

Author: 3 people

x-pack/solutions/security/plugins/security_solution/server/config.ts

@@ -206,6 +206,15 @@ export const configSchema = schema.object({
       publicKey: schema.maybe(schema.string()),
     })
   ),
+  telemetry: schema.maybe(
+    schema.object({
+      queryConfig: schema.object({
+        pageSize: schema.maybe(schema.number()),
+        maxResponseSize: schema.maybe(schema.number()),
+        maxCompressedResponseSize: schema.maybe(schema.number()),
+      }),
+    })
+  ),
 });
 
 export type ConfigSchema = TypeOf<typeof configSchema>;

x-pack/solutions/security/plugins/security_solution/server/integration_tests/receiver.test.ts

@@ -82,7 +82,7 @@ describe('ITelemetryReceiver', () => {
       const docs = mockedDocs(numOfDocs);
       await bulkInsert(esClient, TEST_INDEX, docs);
 
-      const results = telemetryReceiver.paginate(TEST_INDEX, testQuery());
+      const results = telemetryReceiver.paginate(TEST_INDEX, testQuery(), undefined);
 
       const pages = await getPages(results);
 
@@ -103,7 +103,7 @@ describe('ITelemetryReceiver', () => {
       await bulkInsert(esClient, TEST_INDEX, batchTwo);
       await bulkInsert(esClient, TEST_INDEX, batchOne);
 
-      const results = telemetryReceiver.paginate(TEST_INDEX, testQuery(from, to));
+      const results = telemetryReceiver.paginate(TEST_INDEX, testQuery(from, to), undefined);
 
       const pages = await getPages(results);
 
@@ -115,7 +115,11 @@ describe('ITelemetryReceiver', () => {
     it('should manage empty response', async () => {
       await bulkInsert(esClient, TEST_INDEX, mockedDocs(numOfDocs));
 
-      const results = telemetryReceiver.paginate(TEST_INDEX, testQuery('now-2d', 'now-1d'));
+      const results = telemetryReceiver.paginate(
+        TEST_INDEX,
+        testQuery('now-2d', 'now-1d'),
+        undefined
+      );
 
       const pages = await getPages(results);
       expect(pages.length).toEqual(0);

x-pack/solutions/security/plugins/security_solution/server/lib/telemetry/__mocks__/index.ts

@@ -11,7 +11,7 @@ import type { ConcreteTaskInstance } from '@kbn/task-manager-plugin/server';
 import type { TelemetryPluginSetup, TelemetryPluginStart } from '@kbn/telemetry-plugin/server';
 import { TaskStatus } from '@kbn/task-manager-plugin/server';
 import type { TelemetryEventsSender } from '../sender';
-import type { ITelemetryReceiver, TelemetryReceiver } from '../receiver';
+import type { ITelemetryReceiver } from '../receiver';
 import type { SecurityTelemetryTaskConfig } from '../task';
 import type { PackagePolicy } from '@kbn/fleet-plugin/common/types/models/package_policy';
 import type { ITaskMetricsService } from '../task_metrics.types';
@@ -113,6 +113,7 @@ export const createMockTelemetryReceiver = (
 
   return {
     start: jest.fn(),
+    paginate: jest.fn(),
     fetchClusterInfo: jest.fn().mockReturnValue(stubClusterInfo),
     getClusterInfo: jest.fn().mockReturnValue(stubClusterInfo),
     fetchLicenseInfo: jest.fn().mockReturnValue(stubLicenseInfo),
@@ -137,11 +138,13 @@ export const createMockTelemetryReceiver = (
       .fn()
       .mockReturnValue({ body: { aggregations: { actionTypes: {} } } }),
     fetchEndpointMetadata: jest.fn().mockReturnValue(Promise.resolve(new Map())),
-    fetchTimelineAlerts: jest.fn().mockReturnValue(Promise.resolve(stubEndpointAlertResponse())),
+    fetchTimelineAlerts: jest.fn().mockImplementation(async function* () {
+      yield stubEndpointAlertResponse();
+    }),
     buildProcessTree: jest.fn().mockReturnValue(processTreeResponse),
     fetchTimelineEvents: jest.fn().mockReturnValue(Promise.resolve(stubFetchTimelineEvents())),
     fetchValueListMetaData: jest.fn(),
-  } as unknown as jest.Mocked<TelemetryReceiver>;
+  } as unknown as jest.Mocked<ITelemetryReceiver>;
 };
 
 export const createMockPackagePolicy = (): jest.Mocked<PackagePolicy> => {