[Serverless] Document impact of using logsDB for security users

[nastasha-solomon]

Partially addresses #5864 by providing Serverless docs.

Previews:

• Detection engine overview | Using logsDB index mode: Added a new section to the end of the page that directs users towards the new page that'd dedicated to explaining how rules and alerts are impacted when logsDB is enabled.
• The impact of usage of logsDB index mode with Elastic Security Serverless

[github-actions]

A documentation preview will be available soon.

• 🔨 Buildkite builds
• 📚 HTML diff
• 📙 Preview page

Request a new doc build by commenting

• Rebuild this PR: run docs-build
• Rebuild this PR and all Elastic docs: run docs-build rebuild

_{run docs-build is much faster than run docs-build rebuild. A rebuild should only be needed in rare situations.}

_{If your PR continues to fail for an unknown reason, the doc build pipeline may be broken. Elastic employees can check the pipeline status here.}

[jmikell821]

This whole paragraph is a little confusing to me and I'm not 100% sure what it means. Is there any way we could break this down into simpler terms? For example, what does and then have logic outside of {sec-serverless} based on fields formatted from the original source, those flows may be affected mean?

[approksiu]

Maybe something like this: "If you send alert notifications by enabling {kibana-ref}/alerting-getting-started.html#alerting-concepts-actions[actions] to the external systems that have workflows or automations based on fields formatted from the original source, they may be affected. In particular, this can happen when the fields used are arrays of objects."

[approksiu]

Minor comment, and the rest looks good to me! Thanks a lot!

[jmikell821]

Just a few slight suggestions, thanks!