Enhancing the logs-*-* index template with a default ingest pipeline that is first doing a pre-flight check if the message field might be JSON and then uses the JSON processor to decode the JSON and merge it top-level with the document.

See also this prototype: https://gist.github.com/felixbarny/a9a2f6243153d5508643fd95ac968a88#file-routing-yml-L114-L174

Open questions and things to consider

• How do users opt-out of default JSON parsing? They could override the index template. Maybe that's good enough.
• Similarly to the logs@custom component template, should we call out to a custom index pipeline? Align with naming in Fleet.