Convert Packetbeat Flows to ECS (elastic#9121)

* Update ECS fields

Updating schema to commit 349406f59e5c7c80a20c9f213370d2601b73f040.

Some fields were removed so I added placeholder fields with TODO statements. Those fields can be removed after modules using the fields are updated accordingly.

* Convert Packetbeat Flows to ECS

The makes changes to the event format generated by Packetbeat's flow feature.

Field Changes

- type -> event.type
- transport -> network.transport
- flow_id -> flow.id
- final -> flow.final
- vlan -> flow.vlan
- start_time -> event.start
- last_time -> event.end
- source.stats.net_bytes_total -> source.bytes
- source.stats.net_packets_total -> source.packets
- dest.stats.net_bytes_total -> destination.bytes
- dest.stats.net_packets_total -> destination.packets

Added
- network.bytes
- network.packets
- event.duration

Frames with multiple levels of encapsulation like 802.1q with "Q-in-Q" will result in certain fields becoming an array with the outer most metadata being listed first (e.g. source.ip, destination.ip, flow.vlan).

Any dashboards associated with flows are not updated in this change.

Part of elastic#7968.