Set Security User on Kibana Updates on Enterprise Search passes cloud-internal-enterprise_search-server instead of actual user.

[mofolo]

Kibana version:
8.4.3

Elasticsearch version:
8.4.3

Server OS version:
Cloud

Browser version:
Chrome

Browser OS version:
107

Original install method (e.g. download page, yum, from source, etc.):
Cloud

Describe the bug:
Elastic Search Ingest Pipelines Set Security User is being obscured by Kibana user, when should be returning the end user making the changes. This is critical to pass user information to Painless for additional logic / logging.

Steps to reproduce:

1. Create an Ingest Pipeline with Set Security User and add it to Default pipeline on an Enterprise Search Index (eg: .ent-search-actastic-engines_v26). Set Security User to a field like ctx._security.
2. Make a change to Enterprise Search via Kibana
3. Open the document and find the document['_security'] that was written from the Ingest Pipeline.

 {
              "roles": [
                "kibana_system",
                "cloud-internal-enterprise_search-server"
              ],
              "realm": {
                "name": "found",
                "type": "file"
              },
              "authentication_type": "REALM",
              "username": "cloud-internal-enterprise_search-server"
            }

Expected behavior:
Expected Behavior is having the End User as the Security User being sent through the Ingest Pipeline, not the default Kibana username/roles.

When using the Ingest Pipeline simulator directly on ElasticSearch, this is the response which is the correct response:

"_security": {
                "metadata": {
                  "saml_email": [
                    "redacted"
                  ],
                  "saml_nameid_format": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
                  "saml(http://saml.elastic-cloud.com/attributes/principal)": [
                    "redacted"
                  ],
                  "saml_roles": [
                    "superuser"
                  ],
                  "saml_principal": [
                    "redacted"
                  ],
                  "saml_nameid": "redacted",
                  "saml(http://saml.elastic-cloud.com/attributes/name)": [
                    "redacted"
                  ],
                  "saml(http://saml.elastic-cloud.com/attributes/email)": [
                    "redacted"
                  ],
                  "saml(http://saml.elastic-cloud.com/attributes/roles)": [
                    "superuser"
                  ],
                  "saml_name": [
                    "redacted"
                  ]
                },
                "full_name": "redacted",
                "roles": [
                  "superuser"
                ],
                "realm": {
                  "name": "cloud-saml-kibana",
                  "type": "saml"
                },
                "authentication_type": "TOKEN",
                "email": "redacted",
                "username": "redacted"

Screenshots (if relevant):
The ctx when doing an action via Kibana
https://imgur.com/a/umI4Jn1

When simulating via the Pipeline:
https://imgur.com/a/UtlOYJI

Errors in browser console (if relevant):
None

Provide logs and/or server output (if relevant):

Any additional context: