[8.15] (Doc+) SIEM + frozen tier compatibility (backport #5564)

[mergify]

👋🏽 howdy, team!

1. Since ES Data Tiers are sequentially hardware performant, because we call out cold this appends the same rules apply to frozen (related to securitySolution:excludeColdAndFrozenTiersInAnalyzer from kibana#172162). Kindly see examples
   • kibana#139969 for linked internal examples of e.g. alert indices .alerts-security* being hosted in frozen breaking SIEM.
   • kb#39606517 where frozen indices containing future dates catch in the Rule lookback window and therefore can degrade product performance.
2. It looks like there's a duplicate section in the SIEM and Kibana docs from security-docs#487 and kibana#103151, respectively, where the latter had additional phrasing so cross-pollinated.
   • ( Paper-trail FYI for my team: security-docs#551 later appears to confirm indicator rules don't support cold, to confirm between PR's which is latest state in (2). It does also suggest indicator match rules do not support cross cluster search, but that was purposely later removed in security-docs#3054 for v8.7 . )

Preview:

• Detections and alerts

  ---

  This is an automatic backport of pull request (Doc+) SIEM + frozen tier compatibility  #5564 done by Mergify.

[github-actions]

A documentation preview will be available soon.

• 🔨 Buildkite builds
• 📚 HTML diff
• 📙 Preview page

Request a new doc build by commenting

• Rebuild this PR: run docs-build
• Rebuild this PR and all Elastic docs: run docs-build rebuild

_{run docs-build is much faster than run docs-build rebuild. A rebuild should only be needed in rare situations.}

_{If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here.}