Pipe `X-Opaque-Id` header to AuditTrail logs and Elasticsearch API calls

[joshdover]

Supports #52125
Related #60119

We need to be able to correlate different logs in the regular system logger, Kibana's audit logs, and Elasticsearch's audit logs to the same user request.

When the X-Opaque-Id has been set on the request (for example, by a reverse proxy), we should:

• Forward this header to Elasticsearch
  • This may already be solved by the elasticsearch.requestHeadersWhitelist configuration option. This should be verified that this works.
• Include the identifier on any AuditTrail logs emitted during an HTTP request. This should automatically be bound via the request context.

[elasticmachine]

Pinging @elastic/kibana-platform (Team:Platform)

[joshdover]

@jportner Previously we mentioned adding a config that allows the operator to specify which IP addresses this header should be accepted from. Is that a requirement for the MVP?

[jportner]

@jportner Previously we mentioned adding a config that allows the operator to specify which IP addresses this header should be accepted from. Is that a requirement for the MVP?

No, but we should provide a config option to disable this behavior.

[mshustov]

@jportner What are the requirements regarding X-Opaque-Id for FakeRequest? I suspect they shouldn't re-use one from the "parent" request, otherwise, several operations would have the same id. Should it be generated for every "task"? Then we might need to introduce an explicit notion of execution context for such cases. @dover is this covered by #60122?