Handle PRIVILEGE_LEVEL_CHANGE action

[michalpristas]

to test this you need a 9.2 kibana with FF config:

xpack.fleet.enableExperimental: ["enableAgentPrivilegeLevelChange"]

This PR adds a handler for PRIVILEGE_LEVEL_CHANGE action.
Once action comes and permissions are fixed we call the code identical to privilege or unprivilege CLI commands.

Service manager handles user changes differently Windows being least problematic.
Systemd could do daemon-reload but for consistency MacOS and Linux are handled in a same way:

• change to service file is made
• agent is rebooted
• desired user is detecting by reading a service definition file
• permissions are fixed if needed
• if it is non-root, setgid,setuid calls are made to drop privileges
• we continue running.
  This is not performed if we are running using proper user

Test steps:

• run kibana instance local or cloud >=9.2-SNAPSHOT
• set config value xpack.fleet.enableExperimental: ["enableAgentPrivilegeLevelChange"]
• enroll agent to fleet, make sure you don't have system integration enabled (system requires root)
• dev tools: POST kbn:api/fleet/agents/{agent_id}/privilege_level_change
• check file system permissions are correct
• check process is using proper user/group
• check service file is updated
• restart machine recheck everything

Fixes: #4973

[elasticmachine]

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

[ycombinator]

@michalpristas Would it be possible to add some integration/E2E tests in this PR? Failing that, could you add some manual testing steps to the PR description? Thanks.

[michalpristas]

added testing steps to description

[mergify]

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b feat/switch-action upstream/feat/switch-action
git merge upstream/main
git push upstream feat/switch-action

[mergify]

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b feat/switch-action upstream/feat/switch-action
git merge upstream/main
git push upstream feat/switch-action

[mergify]

This pull request is now in conflicts. Could you fix it? 🙏
To fixup this pull request, you can check out it locally. See documentation: https://help.github.com/articles/checking-out-pull-requests-locally/

git fetch upstream
git checkout -b feat/switch-action upstream/feat/switch-action
git merge upstream/main
git push upstream feat/switch-action

[elasticmachine]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: 075605d

Failed CI Steps

• Win2022:sudo:fleet

History

• 💛 Build #29348 was flaky 85c1a6d
• 💚 Build #29330 succeeded 159c745
• 💔 Build #29324 failed 3fe91c8
• 💛 Build #28018 was flaky b432690
• 💔 Build #28011 failed de325b1
• 💔 Build #27952 failed 596edd9

cc @michalpristas

[blakerouse]

This looks good, thanks for working on it and iterating to get it into a good state.