Cherry-pick #14407 to 7.x: Libbeat: Do not overwrite agent.*, ecs.version, and host.name

[cwurm]

Cherry-pick of PR #14407 to 7.x branch. Original message:

Addresses part of #13920 (comment).

Libbeat currently sets a few fields in every event, with no option to turn it off, or to at least not overwrite existing values.

This is a problem when receiving forwarded events (see #13920 for details). The field I'm most concerned about is host.name which is used by the Kibana SIEM app to identify hosts. This PR changes Libbeat to not overwrite host.name and a few other fields when they are already set (see list of fields below). This is technically a breaking change, though I think in almost all cases the current behavior is not what users would expect, and it is creating problems in the wild (eg #13706, discuss #1, discuss #2) - so I would like to make it in 7.x.

A bit more detail on the implementation: Adds a new function MapStr. DeepUpdateNoOverwrite alongside the existing MapStr.DeepUpdate and an overwrite parameter to the add_fields processor (but does not expose it).

The affected fields that will no longer be overwritten if they already exist are:

1. agent.ephemeral_id
2. agent.hostname
3. agent.id
4. agent.type
5. agent.version
6. ecs.version
7. host.name

If we do not want to change the behavior for all these fields we could also refactor the code to only not overwrite host.name - but I think it makes sense to not overwrite any of these fields.