[Fleet] add privileges to `kibana_system` to read integrations data (#132400)

* add privileges to kibana_system to read integrations data

* fix tests
Julia Bardi 2 months ago
parent
commit
364c70e02e

+ 2 - 0
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java

@@ -328,6 +328,8 @@ class KibanaOwnedReservedRoleDescriptors {
                         "indices:admin/data_stream/lifecycle/put"
                     )
                     .build(),
+                // Read datasets for auto install content packages feature in Fleet
+                RoleDescriptor.IndicesPrivileges.builder().indices("logs-*", "metrics-*", "traces-*").privileges("read").build(),
                 // Endpoint specific action responses. Kibana reads and writes (for third party
                 // agents) to the index to display action responses to the user.
                 // `create_index`: is necessary in order to ensure that the DOT datastream index is
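
Review bot: The new `IndicesPrivileges` entry grants `read` on the unscoped patterns `logs-*`, `metrics-*` and `traces-*`, which lets `kibana_system` read document contents of every data stream under those prefixes, while the comment only says it is needed to "read datasets". Please expand the comment to state which operations Fleet actually performs against these indices, and confirm whether a narrower privilege than `read` would be enough to discover which datasets exist. If full `read` is required, say so explicitly here so the broad grant on a reserved role is a documented decision rather than a side effect.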

+ 4 - 1
x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java

@@ -1397,7 +1397,10 @@ public class ReservedRolesStoreTests extends ESTestCase {
                 || indexName.startsWith(".logs-endpoint.actions-")
                 || indexName.startsWith(".logs-endpoint.action.responses-")
                 || indexName.startsWith(".logs-endpoint.heartbeat-")
-                || indexName.startsWith(".logs-osquery_manager.actions-");
+                || indexName.startsWith(".logs-osquery_manager.actions-")
+                || indexName.startsWith("logs-")
+                || indexName.startsWith("metrics-")
+                || indexName.startsWith("traces-");
             assertThat(
                 kibanaRole.indices().allowedIndicesMatcher(TransportGetAction.TYPE.name()).test(indexAbstraction),
                 is(isAlsoReadIndex)
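
Review bot: The widened `isAlsoReadIndex` condition (the three new `startsWith("logs-")`, `startsWith("metrics-")`, `startsWith("traces-")` clauses) only verifies in these lines that `TransportGetAction` is now allowed for the new prefixes. Since the grant is meant to be read-only, please make sure there is an explicit assertion that write, delete and index-administration actions remain denied for `logs-*`, `metrics-*` and `traces-*` names, so a later change that broadens the privilege list fails this test. It would also help to add a case with a name that merely resembles the prefixes (for example one without the trailing hyphen) to pin down that the pattern match is no wider than intended.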