[Filebeat] entityanalytics_azure - Fix accidental error overwrite in defer statement

[taylor-swanson]

What does this PR do?

• In both the full sync and incremental update functions in Azure AD, a defer statement was always overriding the error value from the function. If an error occurred during the sync/update operation, it would be overwritten by the defer.
• Since the error value produced in the defer was not used elsewhere, it is now stored in its own variable
• Added additional error information for OAuth2 response
• Added test case for error OAuth2 response
• Add SEI as codeowner of entityanalytics input

Why is it important?

• Errors are being squelched.

Checklist

• My code follows the style guidelines of this project
• I have commented my code, particularly in hard-to-understand areas
• [ ] I have made corresponding changes to the documentation
• [ ] I have made corresponding change to the default configuration files
• I have added tests that prove my fix is effective or that my feature works
• I have added an entry in CHANGELOG.next.asciidoc or CHANGELOG-developer.next.asciidoc.

How to test this PR locally

• Added unit test in oauth2_test to test propagation of error values from OAuth2 response
• Testing with expired token is also possible (did this in my testing). Resulting log is below.

Related issues

• Closes [Filebeat] entity-analytics - no errors or failure metrics on bad client credentials #35153

Logs

Error that is now surfaced from original issue:

{
  "log.level": "error",
  "@timestamp": "2023-04-21T12:15:58.347-0500",
  "log.logger": "input.entity-analytics-azure-ad",
  "log.origin": {
    "file.name": "azuread/azure.go",
    "file.line": 97
  },
  "message": "Error running full sync",
  "service.name": "filebeat",
  "id": "azure-1",
  "tenant_id": "aa40685b-417d-4664-b4ec-8f7640719adb",
  "provider": "azure-ad",
  "error": {
    "message": "unable to fetch users: unable to get bearer token: failed to renew token: token request returned unexpected status code: 401 Unauthorized, body: {\"error\":\"invalid_client\",\"error_description\":\"AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app 'c57471ff-3d81-4743-b75d-94060efe5492'.\\r\\nTrace ID: 00826744-6fc6-447e-b7fb-4dfb74972900\\r\\nCorrelation ID: 514cff95-0870-43ba-bd8c-3235ef640a7d\\r\\nTimestamp: 2023-04-21 17:15:58Z\",\"error_codes\":[7000215],\"timestamp\":\"2023-04-21 17:15:58Z\",\"trace_id\":\"00826744-6fc6-447e-b7fb-4dfb74972900\",\"correlation_id\":\"514cff95-0870-43ba-bd8c-3235ef640a7d\",\"error_uri\":\"https://login.microsoftonline.com/error?code=7000215\"}"
  },
  "ecs.version": "1.6.0"
}

[mergify]

This pull request does not have a backport label.
If this is a bug or security fix, could you label this PR @taylor-swanson? 🙏.
For such, you'll need to label your PR with:

• The upcoming major version of the Elastic Stack
• The upcoming minor version of the Elastic Stack (if you're not pushing a breaking change)

To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-v8./d.0 is the label to automatically backport to the 8./d branch. /d is the digit

[elasticmachine]

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS

Expand to view the summary

Build stats

• Start Time: 2023-04-21T15:35:16.618+0000

• Duration: 73 min 16 sec

Test stats 🧪

Test	Results
Failed	0
Passed	2885
Skipped	175
Total	3060

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

• /test : Re-trigger the build.

• /package : Generate the packages and run the E2E tests.

• /beats-tester : Run the installation tests with beats-tester.

• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)