[datadog_security_monitoring_default_rule] Prevent users from overriding read-only query fields #3614

Draft
alvizi-dd wants to merge 2 commits into master from
yuri/NO-JIRA-make-default-rule-query-fields-computed-only

Conversation

alvizi-dd (Contributor) commented Mar 17, 2026

Summary

  • Mark all query sub-fields except custom_query_extension as Computed-only, since default rule query structure is controlled by the API and cannot be changed by users
  • Simplify update logic to use the current API query as the base, only patching custom_query_extension from user config
  • Remove buildUpdateDefaultRuleQuery and compareQueries — replaced by inline logic that is clearer about intent

Problem

Query fields like aggregation, query, group_by_fields, etc. were marked as Optional, implying users could configure them. In practice, default rules do not allow changes to query structure — the only user-configurable query field is custom_query_extension. This mismatch could lead users to believe they can modify query fields, and the update code was doing unnecessary round-trip work to "preserve" values that were already in Terraform state.

Solution

  • Remove Optional: true from all query sub-fields except custom_query_extension
  • Rebuild the update loop to start from currentState.GetQueries() (the API is the source of truth), patching only custom_query_extension when the user has set it
  • Detect query changes inline during payload construction instead of via a separate compare function

Test plan

  • Re-record cassettes with RECORD=true
  • Acceptance tests pass
  • Verify that setting query fields other than custom_query_extension in config is rejected by Terraform validation
  • Verify that setting custom_query_extension applies correctly on update

│ Error: Value for unconfigurable attribute
│ 
│   with datadog_security_monitoring_default_rule.rule,
│   on rule.tf line 12, in resource "datadog_security_monitoring_default_rule":
│   12:                 data_source = "audit"
│ 
│ Can't configure a value for "query.0.data_source": its value will be decided automatically based on the result of applying this configuration.
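The update strategy described under "Solution", as an added illustration rather than the provider's own code: `APIQuery`, `ConfigQuery` and `buildUpdateQueries` are hypothetical stand-ins for the API client's query type, the HCL query block and the rebuilt update loop. The API response is the base, only `custom_query_extension` is patched, and change detection happens inline.

```go
package main

import "fmt"

// APIQuery is a hypothetical stand-in for the API client's query type
// (names assumed, not the provider's own). Everything except
// CustomQueryExtension is read-only for default rules.
type APIQuery struct {
	Name, DataSource, Aggregation, Query string
	GroupByFields                        []string
	CustomQueryExtension                 *string
}

// ConfigQuery is the only thing a user can express per query block in HCL:
// a custom_query_extension, or nil when the attribute is omitted.
type ConfigQuery struct {
	CustomQueryExtension *string
}

// buildUpdateQueries starts from the queries the API currently returns
// (the source of truth) and patches only custom_query_extension where the
// user set it. The bool reports whether any query changed, so the caller
// can skip a no-op update without a separate compare function.
func buildUpdateQueries(current []APIQuery, cfg []ConfigQuery) ([]APIQuery, bool) {
	out := make([]APIQuery, len(current))
	changed := false
	for i, q := range current {
		out[i] = q // API structure copied as-is; never rebuilt from state
		if i >= len(cfg) || cfg[i].CustomQueryExtension == nil {
			continue // block omitted or extension unset: keep the API value
		}
		want := *cfg[i].CustomQueryExtension
		if q.CustomQueryExtension == nil || *q.CustomQueryExtension != want {
			out[i].CustomQueryExtension = &want
			changed = true
		}
	}
	return out, changed
}

func main() {
	// Constructed sample: one API query; the user sets only the extension.
	ext := "@usr.id:admin"
	current := []APIQuery{{Name: "a", DataSource: "audit", Aggregation: "count", Query: "source:datadog"}}
	out, changed := buildUpdateQueries(current, []ConfigQuery{{CustomQueryExtension: &ext}})
	fmt.Println(changed, out[0].DataSource, *out[0].CustomQueryExtension)
}
```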

alvizi-dd requested a review from a team as a code owner March 17, 2026 12:48
alvizi-dd force-pushed the yuri/NO-JIRA-make-default-rule-query-fields-computed-only branch from 443d1e0 to cadd8db on March 17, 2026 14:00
…n query/case blocks when omitted from config
alvizi-dd force-pushed the yuri/NO-JIRA-make-default-rule-query-fields-computed-only branch from cadd8db to 0c6d87e on March 17, 2026 15:42
alvizi-dd marked this pull request as draft March 17, 2026 16:00
alvizi-dd changed the base branch from master to yuri/SEC-28982-preserve-omitted-query-blocks-default-rule March 17, 2026 16:01
…ing default rule query fields, allowing only custom_query_extension to be set
alvizi-dd force-pushed the yuri/NO-JIRA-make-default-rule-query-fields-computed-only branch from 0c6d87e to 79b2f84 on March 17, 2026 16:07
Base automatically changed from yuri/SEC-28982-preserve-omitted-query-blocks-default-rule to master March 19, 2026 09:57