Commit 9da7b96
docs: improve YAML detectors documentation structure and accuracy
Major improvements:
- Fix incorrect usage of getEventData() for process fields (pid, uid, comm)
  These should use workload.process.* instead
- Restructure document for better learning flow:
  * Move Schema Reference earlier (after Quick Start)
  * Consolidate all CEL concepts into 'Working with CEL' section
  * Mark Datastore Functions as 'Advanced' with performance notes
- Add .list.yaml suffix to list file examples for clarity
- Remove incorrect claim about 'same capabilities as Go detectors'
- Define CEL acronym on first use
- Add blank lines before all bullet lists for proper mkdocs rendering
- Remove outdated 'No data stores' limitation (datastores are now supported)
- Improve file format section to avoid misleading statements about file placement
Structure changes:
- Removed redundant 'Simplified CEL Syntax' section
- Created consolidated 'Working with CEL' section with clear examples
- Reordered: Quick Start → Schema → CEL → Lists → Composition → Advanced
All changes maintain backward compatibility and improve clarity for
first-time readers while keeping comprehensive details for advanced users.
1 parent b2a0b63 commit 9da7b96
1 file changed
Lines changed: 205 additions & 191 deletions