Authorized Route Migration for routes owned by @elastic/kibana-security #4

Draft
wants to merge 1 commit into
base: main

elena-shostak
Owner

@elena-shostak elena-shostak commented Oct 10, 2024

Authz API migration for authorized routes

This PR migrates access:<privilege> tags used in route definitions to the new security configuration.
Please refer to the documentation for more information: Authorization API

Before Migration:

Access control tags were defined in the options object of the route:

router.get({
  path: '/api/path',
  options: {
    tags: ['access:<privilege_1>', 'access:<privilege_2>'],
  },
  ...
}, handler);

After Migration:

Tags have been replaced with the more robust security.authz.requiredPrivileges field under security:

router.get({
  path: '/api/path',
  security: {
    authz: {
      requiredPrivileges: ['<privilege_1>', '<privilege_2>'],
    },
  },
  ...
}, handler);

What to do next?

  1. Review the changes in this PR.
  2. You might need to update your tests to reflect the new security configuration:
    • If you have tests that rely on checking access tags.
    • If you have snapshot tests that include the route definition.
    • If you have FTR tests that rely on checking the unauthorized error message. The error message changed to also include missing privileges.

Any questions?

If you have any questions or need help with API authorization, please reach out to the @elastic/kibana-security team.

@elena-shostak elena-shostak marked this pull request as draft October 10, 2024 16:07
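
As an added example (not code from this PR or from Kibana), the tag-to-requiredPrivileges mapping described above can be written as a transform over plain route-config objects, together with a check for routes that still carry access: tags. The helper names and sample routes are hypothetical, and privileges are assumed to be plain strings.

```javascript
// Added example: migrateAccessTags and findLeftoverAccessTags are hypothetical
// helpers, not Kibana APIs. Only the `options.tags` and
// `security.authz.requiredPrivileges` shapes come from the PR description.
const ACCESS_PREFIX = 'access:';
const isAccessTag = (t) => typeof t === 'string' && t.startsWith(ACCESS_PREFIX);

function migrateAccessTags(route) {
  const tags = (route.options && route.options.tags) || [];
  const privileges = tags.filter(isAccessTag).map((t) => t.slice(ACCESS_PREFIX.length));
  if (privileges.length === 0) return route; // nothing to migrate

  // Non-access tags are not authorization tags, so they stay under options.
  const otherTags = tags.filter((t) => !isAccessTag(t));
  const { tags: _tags, ...restOptions } = route.options;
  const options = otherTags.length ? { ...restOptions, tags: otherTags } : restOptions;

  // Merge with privileges already declared so the migration never drops one.
  const security = route.security || {};
  const existing = (security.authz && security.authz.requiredPrivileges) || [];
  const requiredPrivileges = [...new Set([...existing, ...privileges])];

  const { options: _options, ...rest } = route;
  const migrated = {
    ...rest,
    security: { ...security, authz: { ...security.authz, requiredPrivileges } },
  };
  if (Object.keys(options).length > 0) migrated.options = options;
  return migrated;
}

// Review check: paths of routes whose authorization still lives in tags.
function findLeftoverAccessTags(routes) {
  return routes
    .filter((r) => ((r.options && r.options.tags) || []).some(isAccessTag))
    .map((r) => r.path);
}

// Constructed sample route definitions (paths, tags and privileges are made up).
const sampleRoutes = [
  { path: '/api/a', options: { tags: ['access:priv_1', 'access:priv_2'] } },
  { path: '/api/b', options: { tags: ['access:priv_1', 'other-tag'], description: 'constructed' } },
  { path: '/api/c', options: { tags: ['other-tag'] } },
];
const migratedRoutes = sampleRoutes.map(migrateAccessTags);
```

Running findLeftoverAccessTags over the route definitions before and after the change gives a quick list of endpoints whose privilege requirements have not yet moved to the security field.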