[Security Solution] Make savedQueryManagement feature explicit in Serverless (#208911)

## Summary

Remove the implicit grant of the `savedQueryManagement` feature with the
Security Solution basic feature (ID: `siemV2`) in Serverless.


This is a follow-up of https://github.com/elastic/kibana/pull/202863

### Feature `siemV2`
This change only affects new roles created with the `siemV2` feature,
introduced recently
[here](https://github.com/elastic/kibana/pull/201780).
This change will align the Roles UI in Serverless and ESS, both
requiring the `savedQueryManagement` feature to be explicitly granted to
be able to manage saved queries.

### Feature `siem`
Roles using the deprecated `siem` feature will still implicitly receive
the `savedQueryManagement` feature (via an implicit grant of `discover`,
`dashboard`, `visualize`, and `maps`) + migration to their `*v2`
features which include `savedQueryManagement`. So there's no behavior
change for existing roles using the old `siem` feature (no breaking
change).

## Screenshots

The siem/siemV2 feature toggle:
<img width="774" alt="siem feature"
src="https://github.com/user-attachments/assets/2759988a-3cf8-4e1f-9431-16c09cf9d95c"
/>

The savedQueryManagement feature toggle:
<img width="774" alt="Saved query feature"
src="https://github.com/user-attachments/assets/d0145244-f4b8-4577-b91f-93f4dd1f758b"
/>

config/serverless.security.yml

@@ -31,6 +31,33 @@ xpack.features.overrides:
     order: 1101
   ### Security's feature privileges are fine-tuned to grant access to Discover, Dashboard, Maps, and Visualize apps.
   siemV2:
+    privileges:
+      ### Security's `All` feature privilege should implicitly grant `All` access to Discover, Dashboard, Maps, and
+      ### Visualize features.
+      all.composedOf:
+        - feature: "discover_v2"
+          privileges: [ "all" ]
+        - feature: "dashboard_v2"
+          privileges: [ "all" ]
+        - feature: "visualize_v2"
+          privileges: [ "all" ]
+        - feature: "maps_v2"
+          privileges: [ "all" ]
+      # Security's `Read` feature privilege should implicitly grant `Read` access to Discover, Dashboard, Maps, and
+      # Visualize features. Additionally, it should implicitly grant privilege to create short URLs in Discover,
+      ### Dashboard, and Visualize apps.
+      read.composedOf:
+        - feature: "discover_v2"
+          privileges: [ "read" ]
+        - feature: "dashboard_v2"
+          privileges: [ "read" ]
+        - feature: "visualize_v2"
+          privileges: [ "read" ]
+        - feature: "maps_v2"
+          privileges: [ "read" ]
+
+  ### Security's feature privileges are fine-tuned to grant access to Discover, Dashboard, Maps, and Visualize apps.
+  siem:
     privileges:
       ### Security's `All` feature privilege should implicitly grant `All` access to Discover, Dashboard, Maps, and
       ### Visualize features.
@@ -60,33 +87,6 @@ xpack.features.overrides:
         - feature: "savedQueryManagement"
           privileges: [ "read" ]
 
-  ### Security's feature privileges are fine-tuned to grant access to Discover, Dashboard, Maps, and Visualize apps.
-  siem:
-    privileges:
-      ### Security's `All` feature privilege should implicitly grant `All` access to Discover, Dashboard, Maps, and
-      ### Visualize features.
-      all.composedOf:
-        - feature: "discover"
-          privileges: [ "all" ]
-        - feature: "dashboard"
-          privileges: [ "all" ]
-        - feature: "visualize"
-          privileges: [ "all" ]
-        - feature: "maps"
-          privileges: [ "all" ]
-      # Security's `Read` feature privilege should implicitly grant `Read` access to Discover, Dashboard, Maps, and
-      # Visualize features. Additionally, it should implicitly grant privilege to create short URLs in Discover,
-      ### Dashboard, and Visualize apps.
-      read.composedOf:
-        - feature: "discover"
-          privileges: [ "read" ]
-        - feature: "dashboard"
-          privileges: [ "read" ]
-        - feature: "visualize"
-          privileges: [ "read" ]
-        - feature: "maps"
-          privileges: [ "read" ]
-
 ## Cloud settings
 xpack.cloud.serverless.project_type: security
 

x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts

@@ -925,22 +925,6 @@ export default function ({ getService }: FtrProviderContext) {
                 "saved_object:map/share_to_space",
                 "ui:maps_v2/save",
                 "ui:maps_v2/show",
-                "api:savedQuery:manage",
-                "api:savedQuery:read",
-                "saved_object:query/bulk_get",
-                "saved_object:query/get",
-                "saved_object:query/find",
-                "saved_object:query/open_point_in_time",
-                "saved_object:query/close_point_in_time",
-                "saved_object:query/create",
-                "saved_object:query/bulk_create",
-                "saved_object:query/update",
-                "saved_object:query/bulk_update",
-                "saved_object:query/delete",
-                "saved_object:query/bulk_delete",
-                "saved_object:query/share_to_space",
-                "ui:savedQueryManagement/showQueries",
-                "ui:savedQueryManagement/saveQuery",
               ],
               "blocklist_all": Array [
                 "login:",
@@ -1779,22 +1763,6 @@ export default function ({ getService }: FtrProviderContext) {
                 "saved_object:map/share_to_space",
                 "ui:maps_v2/save",
                 "ui:maps_v2/show",
-                "api:savedQuery:manage",
-                "api:savedQuery:read",
-                "saved_object:query/bulk_get",
-                "saved_object:query/get",
-                "saved_object:query/find",
-                "saved_object:query/open_point_in_time",
-                "saved_object:query/close_point_in_time",
-                "saved_object:query/create",
-                "saved_object:query/bulk_create",
-                "saved_object:query/update",
-                "saved_object:query/bulk_update",
-                "saved_object:query/delete",
-                "saved_object:query/bulk_delete",
-                "saved_object:query/share_to_space",
-                "ui:savedQueryManagement/showQueries",
-                "ui:savedQueryManagement/saveQuery",
               ],
               "minimal_read": Array [
                 "login:",
@@ -2125,13 +2093,6 @@ export default function ({ getService }: FtrProviderContext) {
                 "ui:catalogue/maps",
                 "ui:navLinks/maps",
                 "ui:maps_v2/show",
-                "api:savedQuery:read",
-                "saved_object:query/bulk_get",
-                "saved_object:query/get",
-                "saved_object:query/find",
-                "saved_object:query/open_point_in_time",
-                "saved_object:query/close_point_in_time",
-                "ui:savedQueryManagement/showQueries",
               ],
               "policy_management_all": Array [
                 "login:",
@@ -2498,13 +2459,6 @@ export default function ({ getService }: FtrProviderContext) {
                 "ui:catalogue/maps",
                 "ui:navLinks/maps",
                 "ui:maps_v2/show",
-                "api:savedQuery:read",
-                "saved_object:query/bulk_get",
-                "saved_object:query/get",
-                "saved_object:query/find",
-                "saved_object:query/open_point_in_time",
-                "saved_object:query/close_point_in_time",
-                "ui:savedQueryManagement/showQueries",
               ],
               "scan_operations_all": Array [
                 "login:",