Change kibana_user and kibana_dashboard_only_user to use application privileges

[kobelb]

Now that we have the application privileges in place, and we're reviewing elastic/kibana#19723 , we'll want to switch the kibana_user and kibana_dashboard_only_user roles to utilize the new application privileges and no longer have direct access to the .kibana* indices.

We'd like the kibana_user role to have the all privilege on * resources; and the kibana_dashboard_only_user role to have the read privilege on * resources.

It should be noted that we won't want to merge this change until elastic/kibana#19723 merges, or else we risk making existing users with the kibana_user roles non-functional.

[elasticmachine]

Pinging @elastic/es-security

[jaymode]

@kobelb this will prevent users from using kibana until kibana has also been upgraded if I understand correctly. I'm just pointing this out because we'll need to document this.

[kobelb]

@kobelb this will prevent users from using kibana until kibana has also been upgraded if I understand correctly. I'm just pointing this out because we'll need to document this.

That's a good point, and something we should definitely document because I can't think of a way around this.

[kobelb]

Closed by #32137