To solve elastic/kibana#137278 we need to be able to use privileges other than kibana_system to delete a transform destination index when completely uninstalling a Fleet package.
A good way to achieve this seems to be to use the transform's stored privileges to do this deletion when required. This can be achieved by adding an option to the delete transform API to attempt to delete the destination index as well as the transform. The option must default to false to preserve current behaviour, but the Fleet package installer can set it to true when completely uninstalling a package.
We have similar functionality: Reset deletes the destination index if it has been created by transform.
I like the explicitness of a parameter. To ensure consistency, this parameter should be added to Reset, too.
(As an alternative, to avoid adding a new parameter, Fleet could first reset, then delete the transform. However, this approach seems more fragile, the same way Fleet could delete the destination index itself.)
> the same way Fleet could delete the destination index itself
The problem is that Fleet might not have permission to delete an arbitrary destination index.
The assumption is that if the transform got past its validation and managed to create the destination index then it will be able to delete it. I know this assumption is not true, and create index and delete index permissions are different. But, given that the Fleet installer runs as the kibana_system user, it's more likely that the transform's stored credentials will have the required privileges. We can make a rule that any package that installs a transform has to document the required permissions. Potentially we could even validate before the transform does anything that it has the permissions that will be needed to clean up if it's uninstalled.
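The pre-flight validation suggested in the last comment can be sketched with the Elasticsearch has-privileges API (`POST /_security/user/_has_privileges`), called with the credentials the transform would store. This is an added example, not code from the thread or from Elasticsearch; the index name, user name and sample response are constructed.

```python
"""Added example: pre-flight check that a user can both create and later
delete a transform destination index. Index and user names are constructed."""
import json

# Index privileges needed to create the destination index and to clean it up.
REQUIRED = ("create_index", "delete_index")


def build_has_privileges_body(dest_index, privileges=REQUIRED):
    """Body for POST /_security/user/_has_privileges, sent with the
    credentials the transform would store (not kibana_system)."""
    return {"index": [{"names": [dest_index], "privileges": list(privileges)}]}


def missing_privileges(response, dest_index, privileges=REQUIRED):
    """Return the required privileges the response does not grant.
    A privilege absent from the response is treated as not granted."""
    granted = response.get("index", {}).get(dest_index, {})
    return [p for p in privileges if granted.get(p) is not True]


def can_clean_up(response, dest_index):
    """True only if every privilege needed for uninstall cleanup is held."""
    return not missing_privileges(response, dest_index)


# Constructed response: the user can create the index but not delete it,
# which is the gap between the two privileges discussed in the thread.
SAMPLE_RESPONSE = json.loads("""
{
  "username": "package_transform_user",
  "has_all_requested": false,
  "cluster": {},
  "index": {
    "example-dest-index": {"create_index": true, "delete_index": false}
  },
  "application": {}
}
""")

if __name__ == "__main__":
    dest = "example-dest-index"
    print(json.dumps(build_has_privileges_body(dest)))
    print("missing:", missing_privileges(SAMPLE_RESPONSE, dest))
```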