Add an integration test to validate API key creation and invalidation

[cmacknz]

Given the API key life cycle: creation -> permissions update -> invalidation:

• Creation:
  • when a new agent is enrolled
  • Updating to 8.5 (corner case, it recreates API keys for all ES outputs)
• Update (permissions):
  • when a policy change requires a broader or stricter set of permissions
    • the current update implementation guarantees the permission set will never be stricter than needed, however it might be a wee boarder.
• Invalidation:
  • Agent is un-enrolled
  • TTL - the Agent is offline for too long
• No change:
  • policy change that does not require more or less permissions

The needed integrations tests would be:

• Updating to fleet-server from any version below 8.5.0 to 8.5+
  • Ensure old api keys (before the upgrade) on the .fleet-agents doc are invalidated
• Agent enrolled
  • new API key is created
  • the API key can write to the necessary indices

[cmacknz]

We could the work done in #56 as a starting point.

[cmacknz]

Some of the necessary test framework pieces may overlap with #1275 as well.

[cmacknz]

Moving to iteration #2 for 8.6. I will create a separate issue to add a basic smoke test between the agent and fleet server to catch problems like #1341

[cmacknz]

There is an existing E2E test that could also be the basis for these tests, if we can get the E2E tests back into a usable state: https://github.com/elastic/e2e-testing/blob/main/e2e/_suites/fleet/features/permission_output_change.feature