[Forwardport main] Switch to supportsImpersonation check for http auth backend and add Privileged Action for JwtParserBuilder

[RyanL1997]

Description

Switch to supportsImpersonation check for http auth backend + wrap JwtParserBuilder with doPrivileged

Reference to @cwperks's comment:

As a default implementation the authDomain could have:

default boolean supportsImpersonation() { return true; }

and any authDomain that does not support it can override:

@Override
public boolean supportsImpersonation() { return false; }

• Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)
  Enhancement

Issues Resolved

• Related [Backport 2.x] Feature OnBehalfOf Authentication #3563

Is this a backport? If so, please add backport PR # and/or commits #
It has already been included in 2.x

Check List

• New functionality includes testing
• New functionality has been documented
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov]

Codecov Report

Merging #3579 (3cbc910) into main (40588e6) will increase coverage by 0.01%.
Report is 1 commits behind head on main.
The diff coverage is 77.77%.

@@             Coverage Diff              @@
##               main    #3579      +/-   ##
============================================
+ Coverage     64.99%   65.01%   +0.01%     
- Complexity     3644     3648       +4     
============================================
  Files           282      283       +1     
  Lines         20613    20619       +6     
  Branches       3391     3392       +1     
============================================
+ Hits          13398    13405       +7     
  Misses         5535     5535              
+ Partials       1680     1679       -1     

Files	Coverage Δ
...rg/opensearch/security/auth/HTTPAuthenticator.java	100.00% <100.00%> (ø)
.../org/opensearch/security/auth/BackendRegistry.java	62.54% <0.00%> (ø)
...nsearch/security/http/OnBehalfOfAuthenticator.java	95.04% <85.71%> (-0.79%)	⬇️

... and 1 file with indirect coverage changes

[cwperks]

@RyanL1997 Can you update the name of this PR to something more pertinent to the content of the changes that could be placed in release notes?

[RyanL1997]

Sure @cwperks, I just updated that.