
Create macros for detections by default

Open 0xC0FFEEEE opened this issue 7 months ago • 3 comments

Is your feature request related to a problem? Please describe.

This is probably something that could be raised to the contentctl repo but it's probably more relevant to the content team.

Currently, detection macros are generated by contentctl during compilation of the ESCU app. This presents a challenge for migrating to detections as code, as these macros cannot be customized prior to deployment or managed via pull requests.

Describe the solution you'd like

Create detection filter macros by default.

Beyond simplifying the adoption of DaC, one added benefit of this would be that it would be possible to contribute common false positives to security_content, defined as comments within the YAML definition or as a list under a new false_positives stanza.

Describe alternatives you've considered

This behaviour can probably be accounted for in contentctl, e.g. don't try to create the macro if it already exists.

0xC0FFEEEE avatar Jul 06 '24 11:07 0xC0FFEEEE
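The following is an added illustration of the generation step the issue is talking about, written for this page; it is not contentctl's own code and is not part of the issue thread. It assumes the ESCU convention that each detection search ends with a call to `<detection_name>_filter` whose default body is `search *`, treats the proposed `false_positives` stanza as a list of SPL predicates to exclude (a hypothetical schema, not one the project defines), and implements the alternative raised in the issue: a macro that already exists in a repo-managed macros.conf is left alone rather than regenerated. The detection dicts and the macros.conf text are constructed sample input.

```python
import configparser
import re

# Constructed sample input: the relevant fields of two detection YAML files,
# already loaded into dicts (no PyYAML dependency). "false_positives" is the
# hypothetical stanza from the issue; each entry is assumed to be an SPL
# predicate that should be excluded by the detection's filter macro.
DETECTIONS = [
    {
        "name": "Windows Event Log Cleared",
        "search": 'index=wineventlog EventCode=1102 | `windows_event_log_cleared_filter`',
        "false_positives": ['user="svc_log_rotate"'],
    },
    {
        "name": "Suspicious Curl Download",
        "search": 'index=linux process_name=curl | `suspicious_curl_download_filter`',
        "false_positives": [],
    },
]

# Constructed macros.conf as it might already be checked into a detections-as-code
# repo. The first macro was tuned by hand via pull request and must not be clobbered.
EXISTING_MACROS_CONF = """\
[windows_event_log_cleared_filter]
definition = search NOT host="lab-*"
description = Site-specific filter, managed via pull request
"""


def filter_macro_name(detection_name: str) -> str:
    """Derive the filter macro name from the detection name.
    Assumed convention: lowercase, runs of non-alphanumerics -> '_', plus '_filter'."""
    return re.sub(r"[^a-z0-9]+", "_", detection_name.lower()).strip("_") + "_filter"


def filter_definition(false_positives: list[str]) -> str:
    """Build the macro body. With no known false positives the filter is a
    pass-through ('search *'); otherwise every listed predicate is excluded."""
    if not false_positives:
        return "search *"
    return "search NOT (" + " OR ".join(f"({fp})" for fp in false_positives) + ")"


def existing_macro_names(conf_text: str) -> set[str]:
    """Stanza names of an existing macros.conf (each [stanza] is one macro)."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    return set(parser.sections())


def plan_macros(detections: list[dict], conf_text: str) -> tuple[dict, list]:
    """Return (new_macros, skipped): new_macros maps macro name -> definition for
    filters absent from conf_text; skipped lists names already defined there."""
    existing = existing_macro_names(conf_text)
    new_macros, skipped = {}, []
    for det in detections:
        name = filter_macro_name(det["name"])
        # A search that never calls its filter macro would make any false-positive
        # tuning silently ineffective, so treat that as a build error.
        if f"`{name}`" not in det["search"]:
            raise ValueError(f"{det['name']!r} does not reference `{name}`")
        if name in existing:
            skipped.append(name)  # repo-managed macro wins; do not regenerate
        else:
            new_macros[name] = filter_definition(det.get("false_positives", []))
    return new_macros, skipped


def render_macros_conf(macros: dict) -> str:
    """Serialise generated macros as macros.conf stanzas."""
    return "".join(f"[{name}]\ndefinition = {body}\n\n" for name, body in macros.items())


if __name__ == "__main__":
    generated, untouched = plan_macros(DETECTIONS, EXISTING_MACROS_CONF)
    print("left alone:", untouched)
    print(render_macros_conf(generated))
```

Running the block prints that `windows_event_log_cleared_filter` was left alone and emits only a `suspicious_curl_download_filter` stanza with `definition = search *`; the `false_positives` list for the first detection is ignored precisely because the deployment repo already owns that macro, which is the trade-off the issue's two proposals differ on.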