Fix permissions issue with _update_by_query API that requires permission for indices:data/read/scroll/clear

[cwperks]

Description

I discovered an issue with the _update_by_query API where is requires a user to have permissions for indices:data/read/scroll/clear in order to call this API.

The reason for this is that it internally uses scroll to perform the update. Since these are internal calls, I think it would be better to wrap them in a system context which doesn't require authorization so that end users can be permitted to use _update_by_query by simply having the permission for indices:data/write/update/byquery

A test to replicate the permissions issue would be added in the security plugin.

Check List

• Functionality includes testing.
• API changes companion pull request created, if applicable.
• Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[github-actions]

❌ Gradle check result for e4f58ca: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

✅ Gradle check result for 346dae6: SUCCESS

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 72.42%. Comparing base (865704b) to head (346dae6).
Report is 353 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff              @@
##               main   #17250      +/-   ##
============================================
- Coverage     72.43%   72.42%   -0.01%     
- Complexity    65725    65752      +27     
============================================
  Files          5318     5318              
  Lines        305675   305678       +3     
  Branches      44350    44350              
============================================
- Hits         221408   221381      -27     
- Misses        66055    66131      +76     
+ Partials      18212    18166      -46     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[opensearch-trigger-bot]

This PR is stalled because it has been open for 30 days with no activity.

[opensearch-trigger-bot]

This PR is stalled because it has been open for 30 days with no activity.

[opensearch-trigger-bot]

This PR is stalled because it has been open for 30 days with no activity.

[cwperks]

Sync'ed with main

[github-actions]

❌ Gradle check result for a52d91e: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

❌ Gradle check result for a52d91e: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?