[Fleet] API Key generation for standalone Elastic Agent

[ruflin]

Users using the standalone Elastic Agent can use either username / password or API keys to communicate with Elasticsearch. Create an API Key for Elastic Agent with the correct minimal permission in Elasticsearch through Kibana is not trivial and requires knowledge on how Elastic Agent works.

In general we should encourage our users to use API Keys instead of username / password but as long as it is hard to get the right API Keys many users will stick to username / password.

There should be a simple way in Fleet (or somewhere else in Kibana) to create an API key with append permissions to logs-*-*, metrics-*-*, traces-*-*, synthetics-*-* (detailed permissions must be figured out). This is the maximum permissions the users will need. In a second step, more configuration options could be offered.

The goal of the above is to increase the usage of API Keys for standalone Elastic Agents.

[elasticmachine]

Pinging @elastic/fleet (Team:Fleet)