audit "access denied" only when we actually return access denied error

Author: slobodanadamovic

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationService.java

@@ -503,12 +503,12 @@ private void authorizeAction(
                                 indicesAndAliasesResolver.resolve(action, request, projectMetadata, authorizedIndices)
                             ),
                             e -> {
-                                auditTrail.accessDenied(requestId, authentication, action, request, authzInfo);
                                 if (e instanceof IndexNotFoundException
                                     || e instanceof InvalidIndexNameException
                                     || e instanceof IllegalArgumentException) {
                                     listener.onFailure(e);
                                 } else {
+                                    auditTrail.accessDenied(requestId, authentication, action, request, authzInfo);
                                     listener.onFailure(actionDenied(authentication, authzInfo, action, request, e));
                                 }
                             }