Solutions cannot limit who can execute their action types

[gmmorris]

This is a follow up issue to the RBAC work done for Alerting and Actions #43994.

RBAC for Actions is implemented at feature level - so the all/read/none privileges can be assigned to roles using Feature Controls and thus it can be controlled who can create Connectors, whjo can execute actions based on these connectors etc.

This does not address the requirement to provide control at solution level.
This means that if, for example, the observability solution were to provide an APM specific action type, it would be available to anyone who has been granted access to the Actions plugin as a whole.
But in such a case, it's possible the solution would want to limit this access to just users who have access to the Observability solution, in a similar manner to how we provide solution & alertType specific RBAC in Alerting - this issue should address that.

[elasticmachine]

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

[mikecote]

This will unblock #82502. We should re-schedule that issue once this issue is resolved.

[mikecote]

cc @arisonl

[mikecote]

I had a chat with @XavierM on this issue and this won't be needed until case moves out of the security solution. In the meantime, the case connector will only be visible in the security solution (hidden from connectors UI) and the executor should be running as the user already. This means it should handle proper RBAC at execution time if someone was to trying to use the _execute endpoint.

[mikecote]

Some input on the expectations for limiting who can create / edit / execute action types: #94498.

[mikecote]

cc @cnasikas