x-pack/filebeat/module/panw Fix url scheme grok pattern

[bhapas]

What does this PR do?

This PR fixes the url.scheme grok pattern from ANY to URIPROTO for proper url handling.

Why is it important?

If there is another reference url in the main url then the url.domain is broken.

url.original value --> url.original vlaue "www.sportspar.de/widgets/index/refreshStatistic?requestPage=/&requestController=index&referer=https://www.google.com/" will be parsed in url.domain: "www.google.com".

"url": {
    "path": "/",
    "registered_domain": "sportspar.de",
    "original": "www.sportspar.de/widgets/index/refreshStatistic?requestPage=/&requestController=index&referer=https://www.google.com/",
    "scheme": "www.sportspar.de/widgets/index/refreshStatistic?requestPage=/&requestController=index&referer=https",
    "domain": "www.google.com"
  },

Instead it should be

"url": {
    "path": "/",
    "registered_domain": "sportspar.de",
    "original": "www.sportspar.de/widgets/index/refreshStatistic?requestPage=/&requestController=index&referer=https://www.google.com/",
    "scheme": "www.sportspar.de/widgets/index/refreshStatistic?requestPage=/&requestController=index&referer=https://www.google.com/",
    "domain": "www.sportspar.de"
  },

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

Author's Checklist

• [ ]

How to test this PR locally

Integration test has been modified and to run that

navigate to x-path/filebeat and run

TESTING_FILEBEAT_MODULES=panw MODULES_PATH=module mage -v pythonIntegTest

[mergify]

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @bhapas? 🙏.
For such, you'll need to label your PR with:

• The upcoming major version of the Elastic Stack
• The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

[botelastic]

This pull request doesn't have a Team:<team> label.

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-06-13T11:45:27.957+0000

• Duration: 73 min 59 sec

Test stats 🧪

Test	Results
Failed	0
Passed	2989
Skipped	177
Total	3166

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[kcreddy]

LGTM 👍🏼