
Conversation

@cwperks
Member

@cwperks cwperks commented Nov 14, 2025

Description

This PR has a couple of changes:

  • Changes the logic in the security version handler to only track diffs when the security configuration is updated
  • Keeps track of both forward and reverse diff to help admins put together REST Requests to call the respective PATCH API to apply changes both forwards and in reverse
  • Removes the Rollback API in favor of cluster administrators using PATCH APIs to effect changes
  • Updates the View API to be a simple searcher around the .opensearch_security_config_versions index

The view API can and should be further enhanced to show the actual Request route, verb and body a cluster administrator would need to call the API to effect the change.

Each change to the security index would get an entry in the version history index with the diff that took place.

See examples:

User added

{
  "_index": ".opensearch_security_config_versions",
  "_id": "VjhWhJoBLpJnvVkWshIf",
  "_score": 1,
  "_source": {
    "@timestamp": 1763156865567,
    "diffs": {
      "forwardDiff": [
        {
          "op": "add",
          "path": "/INTERNALUSERS/craig",
          "value": {
            "hash": "$2y$12$LQMew9oALZc8uZYXOcH7kOKPBZxP8CC0QUC57mEVD0JC1QlxMy2gm",
            "reserved": false,
            "hidden": false,
            "backend_roles": [],
            "attributes": {},
            "opendistro_security_roles": [],
            "static": false
          }
        }
      ],
      "reverseDiff": [
        {
          "op": "remove",
          "path": "/INTERNALUSERS/craig"
        }
      ]
    }
  }
}

Attribute added to user

{
  "_index": ".opensearch_security_config_versions",
  "_id": "PnhyhJoBXW0SAl6lLOVl",
  "_score": 1,
  "_source": {
    "@timestamp": 1763158666341,
    "diffs": {
      "forwardDiff": [
        {
          "op": "add",
          "path": "/INTERNALUSERS/craig/attributes/attr1",
          "value": "val1"
        }
      ],
      "reverseDiff": [
        {
          "op": "remove",
          "path": "/INTERNALUSERS/craig/attributes/attr1"
        }
      ]
    }
  }
}

Role mapping

{
  "_index": ".opensearch_security_config_versions",
  "_id": "UnhyhJoBXW0SAl6lZuVq",
  "_score": 1,
  "_source": {
    "@timestamp": 1763158681194,
    "diffs": {
      "forwardDiff": [
        {
          "op": "add",
          "path": "/ROLESMAPPING/all_access/users/0",
          "value": "craig"
        },
        {
          "op": "remove",
          "path": "/ROLESMAPPING/all_access/description"
        }
      ],
      "reverseDiff": [
        {
          "op": "remove",
          "path": "/ROLESMAPPING/all_access/users/0"
        },
        {
          "op": "add",
          "path": "/ROLESMAPPING/all_access/description",
          "value": "Maps admin to all_access"
        }
      ]
    }
  }
}

  • Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)

Enhancement

Check List

  • New functionality includes testing
  • New functionality has been documented
  • New Roles/Permissions have a corresponding security dashboards plugin PR
  • API changes companion pull request created
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.
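The PR description above stores a forwardDiff and a reverseDiff per security-config change and expects admins to replay them through the PATCH APIs. The following is an added example, not code from this PR or from the OpenSearch security plugin: it computes RFC 6902 forward/reverse diffs over two constructed, security-config-shaped documents (the `BEFORE`/`AFTER` dicts and their values are made up), applies them to verify the round trip, dry-runs a stored diff against the current state to detect drift, and rewrites stored ops into per-endpoint PATCH requests. The `ENDPOINTS` table mapping config-type segments such as `INTERNALUSERS` to `_plugins/_security/api/internalusers` is an assumption of this example; the PR says generating that request is future View API work. It goes beyond the PR's samples in one respect: the reverse list is emitted in reverse order so that list-index operations undo cleanly.

```python
"""Forward and reverse JSON Patch (RFC 6902) diffs between two versions of a
security-config-shaped document, plus the PATCH requests an admin would send.
Added example; not code from the PR or the OpenSearch security plugin."""
import copy
import json
from typing import Any

# Constructed sample documents. Their shape (config type -> entity -> fields)
# mirrors the paths in the PR's stored diffs; the values are made up.
BEFORE: dict[str, Any] = {
    "INTERNALUSERS": {},
    "ROLESMAPPING": {
        "all_access": {"description": "Maps admin to all_access",
                       "users": [], "backend_roles": ["admin"]},
    },
}
AFTER: dict[str, Any] = {
    "INTERNALUSERS": {
        "craig": {"hash": "<bcrypt hash placeholder>", "reserved": False,
                  "backend_roles": [], "attributes": {"attr1": "val1"}},
    },
    "ROLESMAPPING": {
        "all_access": {"users": ["craig"], "backend_roles": ["admin"]},
    },
}

def _esc(token: Any) -> str:      # JSON Pointer escaping (RFC 6901)
    return str(token).replace("~", "~0").replace("/", "~1")

def _unesc(token: str) -> str:
    return token.replace("~1", "/").replace("~0", "~")

def _diff(before: Any, after: Any, path: str) -> tuple[list, list]:
    """Parallel op lists: rev[i] is the exact inverse of fwd[i]."""
    fwd, rev = [], []
    if before == after:
        return fwd, rev
    if isinstance(before, dict) and isinstance(after, dict):
        for k in before:
            if k not in after:
                fwd.append({"op": "remove", "path": f"{path}/{_esc(k)}"})
                rev.append({"op": "add", "path": f"{path}/{_esc(k)}", "value": before[k]})
        for k in after:
            if k not in before:
                fwd.append({"op": "add", "path": f"{path}/{_esc(k)}", "value": after[k]})
                rev.append({"op": "remove", "path": f"{path}/{_esc(k)}"})
            else:
                f, r = _diff(before[k], after[k], f"{path}/{_esc(k)}")
                fwd += f; rev += r
    elif isinstance(before, list) and isinstance(after, list):
        n = min(len(before), len(after))
        for i in range(n):
            f, r = _diff(before[i], after[i], f"{path}/{i}")
            fwd += f; rev += r
        for i in range(n, len(after)):              # elements appended
            fwd.append({"op": "add", "path": f"{path}/{i}", "value": after[i]})
            rev.append({"op": "remove", "path": f"{path}/{i}"})
        for i in reversed(range(n, len(before))):   # trailing elements dropped, highest index first
            fwd.append({"op": "remove", "path": f"{path}/{i}"})
            rev.append({"op": "add", "path": f"{path}/{i}", "value": before[i]})
    else:                                           # scalar or type change: replace the subtree
        fwd.append({"op": "replace", "path": path, "value": after})
        rev.append({"op": "replace", "path": path, "value": before})
    return fwd, rev

def diff(before: Any, after: Any) -> tuple[list, list]:
    """(forwardDiff, reverseDiff). Reverse ops are emitted in reverse order so
    list-index operations undo cleanly; for independent dict keys order is irrelevant."""
    fwd, rev = _diff(before, after, "")
    return fwd, rev[::-1]

def apply_patch(doc: Any, ops: list) -> Any:
    """Apply add/remove/replace to a deep copy; raises if the doc no longer matches the patch."""
    doc = copy.deepcopy(doc)
    for o in ops:
        op, path = o["op"], o["path"]
        if path == "":                              # whole-document pointer
            if op != "replace":
                raise ValueError("only replace is supported at the root")
            doc = copy.deepcopy(o["value"]); continue
        if not path.startswith("/"):
            raise ValueError(f"bad JSON Pointer: {path!r}")
        toks = [_unesc(t) for t in path.split("/")[1:]]
        parent = doc
        for t in toks[:-1]:
            parent = parent[int(t)] if isinstance(parent, list) else parent[t]
        key = toks[-1]
        if isinstance(parent, list):
            idx = len(parent) if key == "-" else int(key)
            if op == "add":
                if idx > len(parent): raise IndexError(path)
                parent.insert(idx, copy.deepcopy(o["value"]))
            elif op == "remove": del parent[idx]      # IndexError if already gone
            elif op == "replace": parent[idx] = copy.deepcopy(o["value"])
            else: raise ValueError(op)
        elif isinstance(parent, dict):
            if op == "add": parent[key] = copy.deepcopy(o["value"])
            elif op == "remove": del parent[key]      # KeyError if already gone
            elif op == "replace":
                if key not in parent: raise KeyError(path)
                parent[key] = copy.deepcopy(o["value"])
            else: raise ValueError(op)
        else:
            raise TypeError(f"{path}: parent is not a container")
    return doc

def applies_cleanly(doc: Any, ops: list) -> bool:
    """Dry run before pushing a stored diff: a stale diff fails here instead of half-applying."""
    try:
        apply_patch(doc, ops); return True
    except (KeyError, IndexError, ValueError, TypeError):
        return False

# Assumed mapping from the config-type segment of a stored path to the security
# REST API collection endpoint (the PR leaves emitting this to a future View API change).
ENDPOINTS = {"INTERNALUSERS": "internalusers", "ROLES": "roles", "ROLESMAPPING": "rolesmapping",
             "ACTIONGROUPS": "actiongroups", "TENANTS": "tenants"}

def to_patch_requests(ops: list) -> list[tuple[str, str, list]]:
    """Rewrite stored ops into (verb, route, JSON Patch body), one request per endpoint.
    The config-type prefix is dropped because the collection PATCH API is already scoped to it."""
    grouped: dict[str, list] = {}
    for o in ops:
        parts = o["path"].split("/", 2)             # ["", "<TYPE>", "<entity>/<field>..."]
        if len(parts) < 3 or parts[1] not in ENDPOINTS:
            raise ValueError(f"{o['path']}: not expressible as a per-entity PATCH in this example")
        body_op = {"op": o["op"], "path": "/" + parts[2]}
        if "value" in o:
            body_op["value"] = o["value"]
        grouped.setdefault(f"_plugins/_security/api/{ENDPOINTS[parts[1]]}", []).append(body_op)
    return [("PATCH", route, body) for route, body in grouped.items()]

if __name__ == "__main__":
    fwd, rev = diff(BEFORE, AFTER)
    print(json.dumps({"forwardDiff": fwd, "reverseDiff": rev}, indent=2))
    for verb, route, body in to_patch_requests(rev):   # what an admin sends to roll the change back
        print(verb, route, json.dumps(body))
```

Run it stand-alone and it prints a version-history-style entry for the constructed change plus the rollback requests. The `applies_cleanly` dry run is the check worth keeping: a reverseDiff is only valid against the state that existed immediately after its forwardDiff, so if later entries have touched the same paths it should be refused rather than applied halfway. Grouping by endpoint splits one stored entry into several requests, so cross-section ordering is up to the admin.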

…iffs between changes to security configuration

Signed-off-by: Craig Perkins <[email protected]>
Signed-off-by: Craig Perkins <[email protected]>
@cwperks
Member Author

cwperks commented Nov 14, 2025

FYI @nagarajg17 put this quick POC together today for one option. This computes the diffs and stores them chronologically.
