[Enhancement] Add Preserve event.original option to Kubernetes container and audit logs

[sbaas-hcs]

Proposed commit message

The (in Technical preview) integration Kubernetes has two datastream that do not have 'Preserve event.original' as an option. But the code to preserve the field is present in the elasticsearch\ingest_pipeline\default.yml.
The option to preserve event.original is included for audit logs from AWS CloudWatch/Azure Event Hub and Google Cloud Pub/Sub. This option is copy over to Kubernetes datastream's.
All change from MR 18215 are add to this MR.

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.
• I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

• Check ingested data on existing of event.original field
• Check if the field error.message contain any content

How to test this PR locally

Copy code and ingest code as new/different integration.
My testing was with adding preserve_original_event to the tags.

Related issues

None that where found

Screenshots

Kubernetes container logs options:

Kubernetes audit logs from AWS CloudWatch:

[elastic-vault-github-plugin-prod]

Reviewers

Buildkite won't run for external contributors automatically; you need to add a comment:

• /test : will kick off a build in Buildkite.

NOTE: https://github.com/elastic/integrations/blob/main/.buildkite/pull-requests.json contains all those details.