Add API keys with unique names using UI

[bytebilly]

We can consider the idea to provide a UI to add new API keys to Elasticsearch.

API keys have a name attribute that is not enforced to be unique for technical constraints that can be found in https://github.com/elastic/elasticsearch/issues/46646.

However, since name is the attribute that identifies a specific key from a high-level user perspective, having multiple keys with the same name could lead to confusion, for example when it's time to revoke one of them.

In order to increase usability, we can consider to enforce uniqueness of name in the UI. It can be done by checking if a key with the same name exists before creating a new one. This will not ensure name to be unique, but if we make this check on a per-user basis, it is unlikely to happen that the same user is inserting two keys with the same name before the index is refreshed.

There are two possible approaches if there is already a key with the same name field:

1. raise an error and abort the task: this approach is stronger to avoid duplicates, but it cannot guarantee it anyway since they can be added via API and operations are not atomic
2. raise a warning, and ask for confirmation that it is intentional to create it anyway: this is softer, but it doesn't give the feeling that there is a guarantee of uniqueness (since it's not)

[elasticmachine]

Pinging @elastic/es-security (:Security/Authentication)

[bytebilly]

cc @cjcenizal @jethr0null

[jkakavas]

Both approaches have pros and cons.

Maybe worth summarizing them in order to facilitate the discussion and decision in this issue?

[jpountz]

It looks like this should have been labelled team-discuss rather than discuss. Please change labels again if I'm mistaken.