Making `security` a first class citizen of Kibana Core examples

[TinaHeiligers]

Related to https://github.com/elastic/kibana/issues/174578 Create example migrations from security plugin APIs to core.security APIs.

Find and migrate a plugin's getCurrentUser a) on the server side via start contract, b) on the server side close to a HTTP handler where using it from the request context would have been better, c) on the client side, and d) If getCurrentUser is the only dependency on the security plugin, remove the dependency.

[TinaHeiligers]

Reporting uses getCurrentUser and licensing from the Security Plugin. I'll migrate getCurrentUser as part of On-Week (June 2024). We have to wait for licensing to be exposed from Core before completely migrating off of (and removing) the security Plugin.

@tsullivan will search for a client-side use case as part of On-Week June 2024.

[elasticmachine]

Pinging @elastic/kibana-core (Team:Core)

[elasticmachine]

Pinging @elastic/kibana-security (Team:Security)

[tsullivan]

I have found a few plugins throughout Kibana that call security.authc.getCurrentUser from browser-side code.

• src/plugins/data_views/public:
  • Has a "getter" type called UserIdGetter. This is needed in the Data Views API client, which sends a user-hash field in request headers.
• src/plugins/image_embeddable:
  • The Image Editor Flyout has a feature to allow the user to delete a file, based on whether the current user ID is stored in the file metadata.
• x-pack/plugins/cases/public:
  • A useCurrentUser hook to build a query filter that gets the recent cases belonging to the current user
• x-pack/plugins/cloud_integrations/cloud_links/public:
  • The current user is checked whether they are a cloud user before adding Cloud links to the security nav controls.
• x-pack/plugins/data_visualizer/public:
  • used to generate text for a Filebeat configuration
  • used to generate a browser session seed for a FieldStats request

Some additional areas that security.authc is used in browser-side code:

• x-pack/plugins/enterprise_search/public Already consumes getCurrentUser from core.security
• x-pack/plugins/fleet/public Doesn't consume getCurrentUser
• x-pack/plugins/maps/public
• x-pack/plugins/observability_solution/apm/public
• x-pack/plugins/observability_solution/observability_ai_assistant_app/public
• x-pack/plugins/stack_connectors/public Doesn't consume getCurrentUser

I'd like to focus on an area or areas where updating the code to use core.security APIs will allow me to remove the security dependency from a plugin.