[ResponseOps][Connectors] Provide an allow list for email recipients

[cnasikas]

The Watcher added the following configuration, xpack.notification.email.recipient_allowlist to support only a subset of email recipients using wildcards. For example, setting xpack.notification.email.recipient_allowlist to ["*.foo@domain.com"] will allow only recipients like bar.foo@domain.com but not bar.baz@domain.com. The new config is mutually exclusive with the domain_allowlist, meaning that if both are configured, Watcher will throw an error.

We should support the same functionality for Kibana alerting.

DoD

• Introduce a new xpack.actions.email.recipient_allowlist configuration where users can use wildcards to put the list of allowed recipients.
• Throw an error if both xpack.actions.email.recipient_allowlist and xpack.actions.email.domain_allowlist are set on Kibana startup.
• Throw an error in the email executor if the recipients (To:, Cc:, or Bcc:) are not allowed.
• Show an error in the UI if someone tries to set a recipient (To:, Cc:, or Bcc:) that is not allowed.
• The new setting defaults to ["*"], which means all recipients are allowed.

PR for Watcher: elastic/elasticsearch#116672

[elasticmachine]

Pinging @elastic/response-ops (Team:ResponseOps)