[FR] Update schema validation to use `data_stream.dataset`

### Link to Kibana PR

_No response_

### Feature Description

Confirmed with @andrewkroh that we should be using `data_stream.dataset` instead of `event.dataset` for integration schema validation for rule queries.

Per Andrew:

_For Fleet managed data_streams, yes, rely on data_stream.dataset because it's always added by the Agent. And it is a constant_keyword so it should have better query performance.
event.dataset is mostly present in Fleet packages, but I don't think 100% have it. And it's not always a constant_keyword._

This was identified during rule creation for https://github.com/elastic/detection-rules/pull/4928 where `event.dataset` was not identified in the NPC events in TRADE's stack.

### Desired Solution

Use `data_stream.dataset` instead of `event.dataset` for the validating rule query fields that are parsed.

### Considered Alternatives

_No response_

### Additional Context

- Slack [thread](https://elastic.slack.com/archives/C010LT16CFR/p1753286051076549?thread_ts=1753279750.075459&cid=C010LT16CFR)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[FR] Update schema validation to use `data_stream.dataset` #4929

Link to Kibana PR

Feature Description

Desired Solution

Considered Alternatives

Additional Context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[FR] Update schema validation to use data_stream.dataset #4929

Description

Link to Kibana PR

Feature Description

Desired Solution

Considered Alternatives

Additional Context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

[FR] Update schema validation to use `data_stream.dataset` #4929