Refactor filebeat elasticsearch module pipelines (audit, server) for maintability

[matschaffer]

Describe the enhancement:

In the rush to get #30018 merged for 8.0.0 we left the pipelines in https://github.com/elastic/beats/tree/main/filebeat/module/elasticsearch somewhat messy.

As we worked on each fileset we learned more about the problem and refined the approach, but didn't go back to implement the new ideas on already-working filesets.

We should refactor at least the 8.0 pipelines to be:

1. json
2. dot_expander/*
3. whatever additional processing is required (hopefully very little)

The deprecation and slowlog processors already follow this model.

Describe a specific use case for the enhancement or feature:

This should help simplify the pipelines and also make for easier maintenance since the ones that are similar (mostly ECS, minimal processing) will look and work similarly.

[elasticmachine]

Pinging @elastic/integrations (Team:Integrations)

[elasticmachine]

Pinging @elastic/stack-monitoring (Stack monitoring)

[botelastic]

Hi!
We just realized that we haven't looked into this issue in a while. We're sorry!

We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1.
Thank you for your contribution!