[KQL] Better programmatic API

[lukasolson]

KQL is being used in more and more places, such as the saved objects client, in fleet, in alerting, etc.

The KQL parser (built in PEG) doesn't perform well, so in cases where we want to improve performance, we've been interacting directly with the KQL AST nodes. Right now our APIs for doing so aren't very clean or documented.

We'd like to get to the point where we can do something simple like this:

const node = kql.and([
  kql.is(indexPattern, 'field', 'value')
  kql.not(kql.exists(indexPattern, field)
]);

And still get the performance increases we've seen from interacting directly with the AST nodes.

Related: #75693, #76589

[elasticmachine]

Pinging @elastic/kibana-app-arch (Team:AppArch)

[lukeelmers]

As an aside: this is conceptually similar to the Expression AST Builder (expressions also use PEG).

Although the nice thing here is that KQL functions aren't pluggable like expressions, which makes it possible to do a more explicit API as in the example above.

[elasticmachine]

Pinging @elastic/kibana-data-discovery (Team:DataDiscovery)

[kertal]

Closing this because it's not planned to be resolved in the foreseeable future. It will be tracked in our Icebox and will be re-opened if our priorities change. Feel free to re-open if you think it should be melted sooner.