Fix permissions for UnboundID LDAP SDK (#68872)

We inadvertently removed permissions needed by the UnboundID LDAP SDK
during a refactoring. This commit returns them to their rightful place.

These permissions are needed in core because we force the class
initializers for two classes from the UnboundID LDAP SDK to load while
loading the x-pack-core plugin. We have to do this there because
x-pack-core depends on the UnboundID LDAP SDK as some realm classes live
in x-pack-core.

Without these permissions, Elasticsearch will fail to start if an AD or
LDAP realm is configured.

Author: jasontedor

x-pack/plugin/core/src/main/plugin-metadata/plugin-security.policy

@@ -8,6 +8,9 @@ grant {
 
   // needed for multiple server implementations used in tests
   permission java.net.SocketPermission "*", "accept,connect";
+
+  // needed because of problems in unbound LDAP library
+  permission java.util.PropertyPermission "*", "read,write";
 };
 
 grant codeBase "${codebase.netty-common}" {

x-pack/plugin/security/src/main/plugin-metadata/plugin-security.policy

@@ -1,8 +1,8 @@
 grant {
   permission java.lang.RuntimePermission "setFactory";
 
-  // needed because of problems in unbound LDAP library
-  permission java.util.PropertyPermission "*", "read,write";
+  // needed for SAML
+  permission java.util.PropertyPermission "org.apache.xml.security.ignoreLineBreaks", "read,write";
 
   // needed during initialization of OpenSAML library where xml security algorithms are registered
   // see https://github.com/apache/santuario-java/blob/e79f1fe4192de73a975bc7246aee58ed0703343d/src/main/java/org/apache/xml/security/utils/JavaUtils.java#L205-L220