[Fleet] add support for message signing without encryption key

[joeypoon]

Summary

adds support for using MessageSigningService even if encryption key is not configured:

• generates key pair for message signing even if encryption key is not configured
• private key passphrase is stored in plain text if no encryption key is configured
• passphrase will be automatically encrypted if encryption key is added after key pair is generated
• logs a warning if encryption key is not configured
• additional unit tests

implements: https://github.com/elastic/security-team/issues/6052

Checklist

• Unit or functional tests were updated or added to match the most common scenarios

For maintainers

• This was checked for breaking API changes and was labeled appropriately

[kibana-ci]

💚 Build Succeeded

• Buildkite Build
• Commit: 153d024

Metrics [docs]

Unknown metric groups

ESLint disabled line counts

id	before	after	diff
securitySolution	428	430	+2

Total ESLint disabled count

id	before	after	diff
securitySolution	506	508	+2

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

[elasticmachine]

Pinging @elastic/fleet (Team:Fleet)

[nchaulet]

Should the sign method of the message signing service be updated to to use passphrase_plain when there is no encryption key?

[joeypoon]

Should the sign method of the message signing service be updated to to use passphrase_plain when there is no encryption key?

sign gets the passphrase from generateKeyPair which will return the existing passphrase or passphrase_plain depending on which exists. I made everything that needs the keys and passphrase get it via generateKeyPair so that we'll only need to worry about passphrase/passphrase_plain in a single location.

[nchaulet]

LGTM 🚀