EQL: Support returning of runtime fields

[costin]

Currently EQL returns only _source and thus ignores any runtime fields defined in the mapping. This can be addressed, by potentially supporting the fields API option just like on Elasticsearch requests.

[elasticmachine]

Pinging @elastic/es-ql (Team:QL)

[astefan]

There is a difference, and an unnecessary complication imo, to mimic the support offered by fields API in EQL search request, if everything that's needed is only the runtime fields: fields accepts any kind of input and retrieves those fields, if they exist.

An EQL output that shows both the original, indexing time, _source and potentially the same fields as in those from _source means duplicating the output. We could look into adding this request body parameter but limit its functionality to runtime fields only, not name it fields but runtime_fields or similar and define it as an array of string values representing runtime field names. We can also allow * (wildcard) to return all runtime fields (which should be possible in future if #68117 is implemented).