[Security Solution] SIEM Migrations RBAC (#207087)

## Summary

Implements the access controls for SIEM rule migrations.

## API changes

- All API routes have been secured with "SIEM Migration" feature checks
- Start migration API route now checks if the user has privileges to use
the connector ID received
 
## UI changes

###  Onboarding SIEM migrations

- AI Connector selection
- Actions & Connectors: Read -> This privilege allows reading and
selecting a connector

Otherwise, we show a callout with the missing privileges:
![connector read
missing](https://github.com/user-attachments/assets/2eb474df-78f0-488c-803b-7c874123b62a)

- Create a migration
  - Security All -> Main Security read & write access
  - Siem Migrations All -> new feature under the Security catalog
- Actions & Connectors: Read -> This privilege allows connector
execution for LLM calls

Otherwise, we show a callout with the missing privileges:
![onboarding start card
callout](https://github.com/user-attachments/assets/19975efd-d684-47d8-b4c0-0352b7c319b4)

### Rule Translations page

- Minimum privileges to make the page accessible (read access):
  - Security Read -> Main Security read access
  - Siem Migrations All -> new feature under the Security catalog
    
Otherwise, we hide the link in the navigation and display the generic
empty state if accessed:
![rules minimum privileges
missing](https://github.com/user-attachments/assets/9dd88c72-e669-4fde-8397-e76d3d5069f9)

- To successfully install rules the following privileges are also
required (write access):
  - Security All -> Main Security read & write access
- Index privileges for `.alerts*` pattern: _read, write,
view_index_metadata, manage_
  - Index privileges for `lookup_*` pattern: _read_

Otherwise, we show a callout at the top of the page, this callout is
consistent with the one displayed on the Detection Rules page
(`/app/security/rules`)
![alerts privileges
missing](https://github.com/user-attachments/assets/105e53d7-9591-457f-983a-7fe4f9f33068)

- To retry rule translations (upload missing macros/lookups or retry
errors)
- Actions & Connectors: Read -> This privilege allows connector
execution for LLM calls

Otherwise, when attempted, we show a toast with the missing privilege. 

![](https://github.com/user-attachments/assets/f6090bb5-e6f8-4be7-bb9b-c4192155bdf8)

## Other changes

- Technical preview label

![technical
preview](https://github.com/user-attachments/assets/244724e2-9756-4c6d-805f-3459367f7975)

- No connector selected toast


https://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d

## Fixes

- [Fixed] Not possible to select a connector when no connector is
selected:
![bug
connectors](https://github.com/user-attachments/assets/2f5a831e-2172-4e77-9997-2447b4ee866f)

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>

x-pack/test/api_integration/services/security_solution_api.gen.ts

@@ -156,7 +156,10 @@ import { StopRuleMigrationRequestParamsInput } from '@kbn/security-solution-plug
 import { SuggestUserProfilesRequestQueryInput } from '@kbn/security-solution-plugin/common/api/detection_engine/users/suggest_user_profiles_route.gen';
 import { TriggerRiskScoreCalculationRequestBodyInput } from '@kbn/security-solution-plugin/common/api/entity_analytics/risk_engine/entity_calculation_route.gen';
 import { UpdateRuleRequestBodyInput } from '@kbn/security-solution-plugin/common/api/detection_engine/rule_management/crud/update_rule/update_rule_route.gen';
-import { UpdateRuleMigrationRequestBodyInput } from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen';
+import {
+  UpdateRuleMigrationRequestParamsInput,
+  UpdateRuleMigrationRequestBodyInput,
+} from '@kbn/security-solution-plugin/common/siem_migrations/model/api/rules/rule_migration.gen';
 import {
   UpdateWorkflowInsightRequestParamsInput,
   UpdateWorkflowInsightRequestBodyInput,
@@ -1005,6 +1008,16 @@ finalize it.
         .set(ELASTIC_HTTP_VERSION_HEADER, '1')
         .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
     },
+    /**
+     * Identifies the privileges required for a SIEM rules migration and returns the missing privileges
+     */
+    getRuleMigrationPrivileges(kibanaSpace: string = 'default') {
+      return supertest
+        .get(routeWithNamespace('/internal/siem_migrations/rules/missing_privileges', kibanaSpace))
+        .set('kbn-xsrf', 'true')
+        .set(ELASTIC_HTTP_VERSION_HEADER, '1')
+        .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
+    },
     /**
      * Retrieves resources for an existing SIEM rules migration
      */
@@ -1577,7 +1590,12 @@ detection engine rules.
      */
     updateRuleMigration(props: UpdateRuleMigrationProps, kibanaSpace: string = 'default') {
       return supertest
-        .put(routeWithNamespace('/internal/siem_migrations/rules', kibanaSpace))
+        .put(
+          routeWithNamespace(
+            replaceParams('/internal/siem_migrations/rules/{migration_id}', props.params),
+            kibanaSpace
+          )
+        )
         .set('kbn-xsrf', 'true')
         .set(ELASTIC_HTTP_VERSION_HEADER, '1')
         .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
@@ -1914,6 +1932,7 @@ export interface UpdateRuleProps {
   body: UpdateRuleRequestBodyInput;
 }
 export interface UpdateRuleMigrationProps {
+  params: UpdateRuleMigrationRequestParamsInput;
   body: UpdateRuleMigrationRequestBodyInput;
 }
 export interface UpdateWorkflowInsightProps {