[Fleet] Fleet enrollment token management improvements

[jillguyonnet]

The aim of this issue is to capture the open discussion raised during the implementation of https://github.com/elastic/kibana/issues/155550.

1. Consider lifting the existing constraint that the token name must be unique.

This constraint was put in place in https://github.com/elastic/kibana/issues/85118. Considering the UUID of the token is appended to the name, it is not clear whether the uniqueness of the name itself needs to be enforced. https://github.com/elastic/kibana/issues/155550 suggests that this could be a small improvement for some users.

2. Review token deletion flow

Related to https://github.com/elastic/kibana/issues/190708.

We should clarify the expected flow of enrollement token deletion (DELETE kbn:/api/fleet/enrollment_api_keys/{id}). Revoking a Fleet token marks the document in .fleet-enrollment-api-keys as inactive: https://github.com/elastic/kibana/blob/230d2748e6968fa74078408ae90b3c94ec9ddd9b/x-pack/plugins/fleet/server/services/api_keys/enrollment_api_key.ts#L162-L179

According to the Security docs, API keys are deleted after the retention period, which is an Elasticsearch setting. Based on that, we should confirm the following after deletion:

• Does the API key document still exist in the security index?
• Does the API key document still exist in .fleet-enrollment-api-keys? If not, should we implement a cleanup task?
• Should there be an option to hard-delete enrollment tokens (https://github.com/elastic/kibana/issues/155550#issuecomment-2315512542)?

[elasticmachine]

Pinging @elastic/fleet (Team:Fleet)