[Meta] Deprecating Exchange Online Basic Authentication

[YulNaumenko]

1. Initial issue was created by the community, based on the info from Microsoft about deprecating basic auth for exchange
2. Based on the options, which Microsoft gave us for authenticating SMTP integration application, the next step was to do the research issue for supporting generic OAuth 2.0 Authorization Code flow. Based on that we created POC. In addition to the POC, we created RFC for supporting generic OAuth 2.0 Authorization Code flow across Kibana and the proper issues for implementation: [Actions] Extend email action connector schema to support OAuth properties in config/secrets.  #107898, [Actions] Implement ability to identify the email server (Gmail, Outlook, etc.) in the email connector configuration.  #107846, Create Kibana callback endpoint for OAuth requests. #107847, [Connectors] Implement UI part for OAuth configuration for email MS Exchange connector. #107918, [Connectors Docs] Extend existing email connector MS Exchange documentation with new authorization option OAuth 2.0 Authorization Code Flow  #107904. Those was closed later in favor of the other approach.
3. As an alternative to the implementing OAuth 2.0 Authorization Code flow, was done the research on the usage OAuth 2.0 Client Credentials flow, which is more server to server communication sufficient. The main Cons here is a stepping out of the current SMTP integration in favor of MS Exchange specific way of sending emails based on MS Graph API. Created POC
4. Other OAuth 2.0 alternatives research:

• - Research OAuth flow failure paths #109919
• - Research access and refresh tokens behaviours #109918
• - Research username/password flow with MS Exchange OAuth #109916

Based on the comparison of the different research results, the team made the decision to move with implementing OAuth 2.0 Client Credentials flow and using MS Graph API for sending emails for MS Exchange Server service provider.
Summary with pros and cons: #93466 (comment)

In addition to the fixing cons about non-generic way of sending emails for MS Exchange, Microsoft has on the roadmap to add OAuth 2.0 Client Credentials support for SMTP integration.

For the selected approach opened next implementation issues:

• - [Actions] Implement ability to identify the email server (Gmail, Outlook, etc.) in the email connector configuration.  #107846
• - [Actions][Connectors] Change email connector API for MS Exchange Online provider by replacing Basic Auth with OAuth 2.0 Client Credentials flow #111439
• - [Actions][Connectors] Modify email connector UI flyout to support OAuth 2.0 Client Credentials flow for MS Exchange provider #111443
• - [Actions][Docs] Modify connector documentation with the new MS Exchange online configuration requirements #111449
• - [Actions] Store access token for OAuth 2.0 Client Credentials flow on the Kibana side. #111914
• - [Actions] Store Microsoft Graph access token in a separate saved object #113436

[elasticmachine]

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)