Audited API Key authentication might not have a realm name #59470
Pinging @elastic/es-security (:Security/Audit)
ywangd
left a comment
LGTM.
I noticed that the realm info is added to authentication metadata since v7.4 (#45897). But you are right, the field name is changed in v7.7 with my PR (#51305). So API keys created before v7.7 will have empty string as realm name in audit logs. We could go extra mileage to make it work with v7.4. But I don't think it's all that necessary. This is one bwc that we can afford to not have. Thanks!
...security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrail.java
One more thing: Could you please re-enable the muted test by deleting these two lines from the yaml test as part of this PR?
My reflex would've been to push a separate PR to toggle tests back after this PR is merged and backported, but your suggestion would work just as well.
Sorry I forgot this PR is for master and the test is for 7.x. The one for master is not enabled because I was waiting for the 7.x backport. In this case, sorry please ignore my previous suggestion and I will take care of enabling the tests for both master and 7.x.
I see that you have already enabled the test. It works this way as well. Sorry I was confused initially.
The `Authentication` object that gets built following an API Key authentication contains the realm name of the owner user that created the key (which is audited), but the specific field used for storing it changed in #51305. This PR makes it so that auditing tolerates an "unfound" realm name, so it doesn't throw an NPE, because the owner realm name is not found in the expected field. Closes #59425
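The failure mode and the tolerant lookup described in this PR, as an added Java example that is not the project's `LoggingAuditTrail` code. The metadata key names, audit entry field names and sample values are hypothetical, constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class ApiKeyRealmAudit {
    // Hypothetical metadata key names, constructed for this example.
    static final String CREATOR_REALM_NAME = "example_creator_realm_name"; // field the auditor reads
    static final String LEGACY_CREATOR_REALM = "example_creator_realm";    // field written for older keys

    // Fragile: assumes the owner realm is always stored under the expected field.
    static String realmFragile(Map<String, Object> metadata) {
        return metadata.get(CREATOR_REALM_NAME).toString(); // NPE when the field is absent
    }

    // Tolerant: a missing or non-string value is audited as an empty realm name.
    static String realmTolerant(Map<String, Object> metadata) {
        Object realm = metadata.get(CREATOR_REALM_NAME);
        return realm instanceof String ? (String) realm : "";
    }

    // Builds a simplified audit entry (constructed field names) for an API key authentication.
    static Map<String, String> auditEntry(String apiKeyId, Map<String, Object> metadata) {
        Map<String, String> entry = new LinkedHashMap<>();
        entry.put("action", "authentication_success");
        entry.put("api_key_id", apiKeyId);
        entry.put("realm", realmTolerant(metadata));
        return entry;
    }

    public static void main(String[] args) {
        // Constructed sample metadata: one key stored with the expected field, one without it.
        Map<String, Object> current = Map.of(CREATOR_REALM_NAME, "file1");
        Map<String, Object> legacy = Map.of(LEGACY_CREATOR_REALM, "file1");

        System.out.println(auditEntry("key-new", current));
        System.out.println(auditEntry("key-old", legacy)); // realm is audited as an empty string

        try {
            realmFragile(legacy);
        } catch (NullPointerException e) {
            // Without the tolerant lookup, auditing this authentication fails outright.
            System.out.println("fragile lookup threw NullPointerException for key-old");
        }
    }
}
```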