[Security Review] Rest admin permissions

[peternied]

The Rest Admin Permission feature was merged into the main branch. It opens up access to the security configuration through REST APIs which were previously only accessible through an admin client certificate. This is a considerable accessibility improvement that changes the security posture of OpenSearch clusters.

This feature requires completing a security review [1]. More details will be forthcoming as we assess timelines and scope.

Related links:

• [1] https://github.com/opensearch-project/.github/blob/main/RELEASING.md#security-reviews
• Rest admin permissions #2411
• [BUG] Several actions cannot be delegated to users and must be run as an admin user #1878
• [BUG] There should be a seperate configuration option to enable restapi: permissions #2571

[stephen-crawford]

[Triage] Thank you @peternied for bringing this to everyone's attention. You raise an excellent point and we will all be mindful of this moving forward. I will leave this open as it is tracking the current reversion.