[Security] Advanced setting for ES|QL risk scoring (elastic#3525)

Resolves elastic#3418 by
documenting the Security advanced setting for turning off ES|QL-based
risk scoring.

Preview: [Turn off ES|QL-based risk
scoring](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/3525/solutions/security/get-started/configure-advanced-settings#turn-off-esql-based-risk-scoring)

Author: natasha-moore-elastic

solutions/security/get-started/configure-advanced-settings.md

@@ -252,3 +252,9 @@ serverless: ga
 
 The `securitySolution:enablePrivilegedUserMonitoring` setting allows you to access the [Entity analytics overview page](/solutions/security/advanced-entity-analytics/overview.md) and the [privileged user monitoring](/solutions/security/advanced-entity-analytics/privileged-user-monitoring.md) feature. This setting is turned off by default.
 
+## Turn off {{esql}}-based risk scoring
+```yaml {applies_to}
+stack: ga 9.2
+serverless: ga
+```
+By default, [entity risk scoring](/solutions/security/advanced-entity-analytics/entity-risk-scoring.md) calculations are based on {{esql}} queries. Turn off `securitySolution:enableEsqlRiskScoring` to use scripted metrics instead.