Operator privileges do not work properly in a mixed version cluster #79354

@ywangd

The operator privilege feature works by setting a special header in the authenticating user's threadContext. This header is not preserved in a mixed version cluster when the request must be rerouted from a local node to a remote node of a different version:

```java
// re-write the authentication since we want the authentication version to match the version of the connection
securityContext.executeAfterRewritingAuthentication(original -> sendWithUser(connection, action, request, options,
    new ContextRestoreResponseHandler<>(threadPool.getThreadContext().wrapRestorable(original), handler), sender),
    minVersion);
```

When sending a request across nodes of different versions, only the authentication object of the original request is preserved and other security-related information is dropped. This leads to the remote node not recognising the user as an operator and in turn fails with an "unauthorized" (403) error.
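
The behaviour reported above, reduced to a small stand-alone model. This is an added example, not part of the original issue and not Elasticsearch code: the class, the method names, the header names `authentication` and `operator_marker`, the sample user and the version numbers are all hypothetical, and `forwardKeepingMarker` is only one possible correction.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of the behaviour in this issue; not Elasticsearch code.
// All class, method and header names below are hypothetical.
public class OperatorHeaderModel {
    static final String AUTH = "authentication";      // hypothetical header name
    static final String OPERATOR = "operator_marker"; // hypothetical header name

    // Behaviour as described: on a version mismatch the outgoing context is rebuilt
    // from the authentication object alone, so every other header is dropped.
    static Map<String, String> forwardAsDescribed(Map<String, String> ctx, int localVer, int remoteVer) {
        if (localVer == remoteVer) return new HashMap<>(ctx); // same version: nothing rewritten
        Map<String, String> out = new HashMap<>();
        out.put(AUTH, ctx.get(AUTH) + ";v=" + Math.min(localVer, remoteVer));
        return out;
    }

    // One possible correction (an assumption): carry the marker across the rewrite.
    static Map<String, String> forwardKeepingMarker(Map<String, String> ctx, int localVer, int remoteVer) {
        Map<String, String> out = forwardAsDescribed(ctx, localVer, remoteVer);
        if (ctx.containsKey(OPERATOR)) out.put(OPERATOR, ctx.get(OPERATOR));
        return out;
    }

    // Remote node: an operator-only action requires the marker; returns an HTTP-style status.
    static int remoteAuthorize(Map<String, String> ctx) {
        if (!ctx.containsKey(AUTH)) return 401;
        return "operator".equals(ctx.get(OPERATOR)) ? 200 : 403;
    }

    public static void main(String[] args) {
        Map<String, String> local = new HashMap<>(); // constructed sample request context
        local.put(AUTH, "user=ops_admin");
        local.put(OPERATOR, "operator");
        int[][] clusters = { {8, 8}, {8, 7} };       // constructed {local, remote} version pairs
        for (int[] c : clusters) {
            int asDescribed = remoteAuthorize(forwardAsDescribed(local, c[0], c[1]));
            int keepMarker = remoteAuthorize(forwardKeepingMarker(local, c[0], c[1]));
            System.out.printf("local=%d remote=%d as-described=%d keeping-marker=%d%n",
                    c[0], c[1], asDescribed, keepMarker);
        }
    }
}
```

The mixed-version pair is the case a regression test for this issue needs to cover, since the same-version path never goes through the rewrite.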
