Add Kibana application privileges to elastic/fleet-server service account

[joshdover]

In order to support dropping the requirement to need superuser credentials to setup Fleet (elastic/kibana#112647), we'd like to leverage the elastic/fleet-server service account to be able to perform this setup. We plan to register an application privilege from Kibana that would allow us to do this, but we'll need to grant the service account access to Kibana's application privileges for this to work.

This should work very similarly to how we enable the `` user to do the same and we plan to also remove this requirement in 8.x once Kibana initiates Fleet setup without an external user:

elasticsearch/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java

Lines 205 to 208 in 51fcb21

	new RoleDescriptor.ApplicationResourcePrivileges[] {
	RoleDescriptor.ApplicationResourcePrivileges.builder()
	.application("kibana-*").resources("*").privileges("reserved_ml_user").build()
	},

In this case, we'll need to grant access to the reserved_fleet-setup privilege for the kibana-* application.

Related to #77294

[elasticmachine]

Pinging @elastic/es-security (Team:Security)

[joshdover]

@ywangd is this something you could handle in conjunction with #77294?

[ywangd]

@ywangd is this something you could handle in conjunction with #77294?

Yes I can get this done as long as the decision is agreed upon by relevant teams. Please feel free to put me as the assignee.

The change will be its own separate PR from the one for #77294 since they are two separate issues and each has clearly defined scope.