Remove read_connector_secrets named privilege

docs/reference/rest-api/security/bulk-create-roles.asciidoc

@@ -315,7 +315,7 @@ The result would then have the `errors` field set to `true` and hold the error f
         "details": {
             "my_admin_role": { <4>
                 "type": "action_request_validation_exception",
-                "reason": "Validation Failed: 1: unknown cluster privilege [bad_cluster_privilege]. a privilege must be either one of the predefined cluster privilege names [manage_own_api_key,none,cancel_task,cross_cluster_replication,cross_cluster_search,delegate_pki,grant_api_key,manage_autoscaling,manage_index_templates,manage_logstash_pipelines,manage_oidc,manage_saml,manage_search_application,manage_search_query_rules,manage_search_synonyms,manage_service_account,manage_token,manage_user_profile,monitor_connector,monitor_data_stream_global_retention,monitor_enrich,monitor_inference,monitor_ml,monitor_rollup,monitor_snapshot,monitor_text_structure,monitor_watcher,post_behavioral_analytics_event,read_ccr,read_connector_secrets,read_fleet_secrets,read_ilm,read_pipeline,read_security,read_slm,transport_client,write_connector_secrets,write_fleet_secrets,create_snapshot,manage_behavioral_analytics,manage_ccr,manage_connector,manage_data_stream_global_retention,manage_enrich,manage_ilm,manage_inference,manage_ml,manage_rollup,manage_slm,manage_watcher,monitor_data_frame_transforms,monitor_transform,manage_api_key,manage_ingest_pipelines,manage_pipeline,manage_data_frame_transforms,manage_transform,manage_security,monitor,manage,all] or a pattern over one of the available cluster actions;"
+                "reason": "Validation Failed: 1: unknown cluster privilege [bad_cluster_privilege]. a privilege must be either one of the predefined cluster privilege names [manage_own_api_key,none,cancel_task,cross_cluster_replication,cross_cluster_search,delegate_pki,grant_api_key,manage_autoscaling,manage_index_templates,manage_logstash_pipelines,manage_oidc,manage_saml,manage_search_application,manage_search_query_rules,manage_search_synonyms,manage_service_account,manage_token,manage_user_profile,monitor_connector,monitor_data_stream_global_retention,monitor_enrich,monitor_inference,monitor_ml,monitor_rollup,monitor_snapshot,monitor_text_structure,monitor_watcher,post_behavioral_analytics_event,read_ccr,read_fleet_secrets,read_ilm,read_pipeline,read_security,read_slm,transport_client,write_connector_secrets,write_fleet_secrets,create_snapshot,manage_behavioral_analytics,manage_ccr,manage_connector,manage_data_stream_global_retention,manage_enrich,manage_ilm,manage_inference,manage_ml,manage_rollup,manage_slm,manage_watcher,monitor_data_frame_transforms,monitor_transform,manage_api_key,manage_ingest_pipelines,manage_pipeline,manage_data_frame_transforms,manage_transform,manage_security,monitor,manage,all] or a pattern over one of the available cluster actions;"
             }
         }
     }

docs/reference/rest-api/security/get-builtin-privileges.asciidoc

@@ -117,7 +117,6 @@ A successful call returns an object with "cluster", "index", and "remote_cluster
     "none",
     "post_behavioral_analytics_event",
     "read_ccr",
-    "read_connector_secrets",
     "read_fleet_secrets",
     "read_ilm",
     "read_pipeline",

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/privilege/ClusterPrivilegeResolver.java

@@ -388,11 +388,6 @@ public class ClusterPrivilegeResolver {
         CROSS_CLUSTER_REPLICATION_PATTERN
     );
 
-    public static final NamedClusterPrivilege READ_CONNECTOR_SECRETS = new ActionClusterPrivilege(
-        "read_connector_secrets",
-        READ_CONNECTOR_SECRETS_PATTERN
-    );
-
     public static final NamedClusterPrivilege WRITE_CONNECTOR_SECRETS = new ActionClusterPrivilege(
         "write_connector_secrets",
         WRITE_CONNECTOR_SECRETS_PATTERN
@@ -469,7 +464,6 @@ public class ClusterPrivilegeResolver {
             MANAGE_SEARCH_QUERY_RULES,
             CROSS_CLUSTER_SEARCH,
             CROSS_CLUSTER_REPLICATION,
-            READ_CONNECTOR_SECRETS,
             WRITE_CONNECTOR_SECRETS,
             MONITOR_GLOBAL_RETENTION,
             MANAGE_GLOBAL_RETENTION

x-pack/plugin/ent-search/qa/rest/roles.yml

@@ -18,8 +18,8 @@ user:
   cluster:
     - post_behavioral_analytics_event
     - manage_api_key
-    - read_connector_secrets
     - write_connector_secrets
+    - cluster:admin/xpack/connector/secret/get
   indices:
     - names: [
       "test-index1",

x-pack/plugin/security/qa/service-account/src/javaRestTest/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountIT.java

@@ -281,8 +281,8 @@ public class ServiceAccountIT extends ESRestTestCase {
             "cluster": [
                 "manage",
                 "manage_security",
-                "read_connector_secrets",
-                "write_connector_secrets"
+                "write_connector_secrets",
+                "cluster:admin/xpack/connector/secret/get"
             ],
             "indices": [
                 {

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/service/ElasticServiceAccounts.java

@@ -26,7 +26,12 @@ final class ElasticServiceAccounts {
         "enterprise-search-server",
         new RoleDescriptor(
             NAMESPACE + "/enterprise-search-server",
-            new String[] { "manage", "manage_security", "read_connector_secrets", "write_connector_secrets" },
+            new String[] {
+                "manage",
+                "manage_security",
+                "write_connector_secrets",
+                "cluster:admin/xpack/connector/secret/get" // for reading connector secrets
+            },
             new RoleDescriptor.IndicesPrivileges[] {
                 RoleDescriptor.IndicesPrivileges.builder()
                     .indices(