[CCR] create_and_follow api and follow api should check if user has sufficient privileges before executing

[martijnvg]

Today if a user invokes the create_and_follow api for a leader index it does not have privileges for then the create_and_follow api does not follow the leader index, but the follow index does get created. This an unexpected outcome.

The expected outcome is that the follow index should have been created if the user did not have the privileges to follow the leader index.

Both the create and follow api and follow api should return with a failure if the user does not have sufficient privileges. Both apis can internally use the has_privilege api to determine if the current user has sufficient privileges in the leader cluster before creating follow index or try to follow a leader index.

[elasticmachine]

Pinging @elastic/es-distributed