Read operator privs enabled from Env settings (#98246)

Security.settings incorrectly caches the node startup settings which
does not take into account setting changes that may take place after the
node has started (e.g. "addtionalSettings()" from plugins).

This commit fixes the behaviour for the OperatorPrivileges enabled
setting, until the bug can be fixed more generally

docs/changelog/98246.yaml

@@ -0,0 +1,5 @@
+pr: 98246
+summary: Read operator privs enabled from Env settings
+area: Authorization
+type: enhancement
+issues: []

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java

@@ -905,7 +905,7 @@ public class Security extends Plugin
         final AuthenticationFailureHandler failureHandler = createAuthenticationFailureHandler(realms, extensionComponents);
 
         // operator privileges are enabled either explicitly via the setting or if running serverless
-        final boolean operatorPrivilegesEnabled = OPERATOR_PRIVILEGES_ENABLED.get(settings) || DiscoveryNode.isServerless();
+        final boolean operatorPrivilegesEnabled = OPERATOR_PRIVILEGES_ENABLED.get(environment.settings()) || DiscoveryNode.isServerless();
 
         if (operatorPrivilegesEnabled) {
             logger.info("operator privileges are enabled");