Support updates of API key attributes [REST and transport layer]

[n1v0lg]

REST and transport layer implementation to add support for updating
attributes of existing API keys. This allows end-users to modify
privileges and metadata associated with API keys dynamically, without
requiring rolling out new API keys every time there is a change.

The new route supports updates to one API key, given its ID:

PUT /_security/api_key/{id}

The request body consists of optional fields role_descriptors and
metadata. If a request field is absent, the existing value of the
field on the given API key is retained. If a request field is set to
{} it replaces the existing value with {}. Explicit null-values for
request fields are not allowed and will produce a 400.
limited_by_role_descriptors, creator, and version are
automatically updated on every call. Attributes a replaced, not merged.

Only the owner user of an API key can update it. API keys cannot update
themselves, nor can other users (even users with all or
manage_security cluster privileges).

Relates: #87870

[elasticmachine]

Pinging @elastic/es-security (Team:Security)

[elasticsearchmachine]

Hi @n1v0lg, I've updated the changelog YAML for you.

[n1v0lg]

@elasticmachine run elasticsearch-ci/part-2-fips plz

[ywangd]

LGTM

No major comments. But I appreciate if you could address them before merging. Thanks!

[elasticsearchmachine]

Hi @n1v0lg, I've updated the changelog YAML for you.

[ylasri]

We got this error when using this API, on version 7.17.6

{
  "error" : {
    "root_cause" : [
      {
        "type" : "illegal_argument_exception",
        "reason" : "request [/_security/api_key/yAlcM4QBdS8O9IF71bZo] contains unrecognized parameter: [ids] -> did you mean [id]?"
      }
    ],
    "type" : "illegal_argument_exception",
    "reason" : "request [/_security/api_key/yAlcM4QBdS8O9IF71bZo] contains unrecognized parameter: [ids] -> did you mean [id]?"
  },
  "status" : 400
}

[ywangd]

We got this error when using this API, on version 7.17.6

This API is for version 8.4.0 and later. You must have confused it with some other APIs.

Also, this appears to be a user question, and we'd like to direct these kinds of things to the Elasticsearch forum. If you can stop by there, we'd appreciate it. This allows us to use GitHub for verified bug reports, feature requests, and pull requests. There's an active community in the forum that should be able to help get an answer to your question.