Allow plugins MBeanTrustPermission (elastic#81508) (elastic#81516)

MBeans are sometimes used by third party libraries, e.g. to report
metrics through JMX. This commit builds upon the initial set of MBean
permissions added in elastic#76329, to further alllow a plugin register an
MBean, i.e to allow plugins to grant MBeanTrustPermission("register").

qa/evil-tests/src/test/java/org/elasticsearch/bootstrap/PolicyUtilTests.java

@@ -256,6 +256,7 @@ void assertIllegalPermissions(List<String> illegalPermissions, PolicyParser pars
         "javax.management.MBeanPermission * setAttribute",
         "javax.management.MBeanPermission * unregisterMBean",
         "javax.management.MBeanServerPermission *",
+        "javax.management.MBeanTrustPermission register",
         "javax.security.auth.AuthPermission doAs",
         "javax.security.auth.AuthPermission doAsPrivileged",
         "javax.security.auth.AuthPermission getSubject",

server/src/main/java/org/elasticsearch/bootstrap/PolicyUtil.java

@@ -52,6 +52,7 @@
 
 import javax.management.MBeanPermission;
 import javax.management.MBeanServerPermission;
+import javax.management.MBeanTrustPermission;
 import javax.management.ObjectName;
 import javax.security.auth.AuthPermission;
 import javax.security.auth.PrivateCredentialPermission;
@@ -139,7 +140,8 @@ public boolean test(Permission permission) {
                 "addNotificationListener,getAttribute,getDomains,getMBeanInfo,getObjectInstance,instantiate,invoke,"
                     + "isInstanceOf,queryMBeans,queryNames,registerMBean,removeNotificationListener,setAttribute,unregisterMBean"
             ),
-            new MBeanServerPermission("*")
+            new MBeanServerPermission("*"),
+            new MBeanTrustPermission("register")
         );
         // While it would be ideal to represent all allowed permissions with concrete instances so that we can
         // use the builtin implies method to match them against the parsed policy, this does not work in all