Adjust PKI bootstrap check for delegation

[albertzaharovits]

There is currently a bootstrap check that validates TLS client authentication is enabled (required or optional) in at least one context (transport or http) when there is at least one PKI realm enabled.
That is because clients cannot be authenticated by the PKI realm if there's no channel that supports mutually authn TLS. However, with the new proxied PKI authn scheme, this is no longer true; it is possible to authn via the proxied PKI scheme even if there is no mutually authn TLS channel configured.

This commit relaxes the bootstrap check to only fail if the PKI realm is enabled and does not support delegation.

Relates #34396

[elasticmachine]

Pinging @elastic/es-security

[tvernum]

LGTM.

[albertzaharovits]

org.elasticsearch.smoketest.WatcherRestIT > initializationError FAILED
java.io.IOException: Error parsing painless/50_update_scripts
at org.elasticsearch.test.rest.yaml.section.ClientYamlTestSuite.parse(ClientYamlTestSuite.java:77)
at org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase.createParameters(ESClientYamlSuiteTestCase.java:194)
at org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase.createParameters(ESClientYamlSuiteTestCase.java:179)
at org.elasticsearch.smoketest.WatcherRestIT.parameters(WatcherRestIT.java:31)
Caused by:
ParsingException[Error parsing test named [Test transform scripts are updated on execution]]; nested: IllegalArgumentException[Expected [START_OBJECT, found [VALUE_NULL], the skip section is not properly indented];

@elasticmachine run elasticsearch-ci/2

[albertzaharovits]

./gradlew :x-pack:plugin:data-frame:qa:single-node-tests:integTestRunner --tests "org.elasticsearch.xpack.dataframe.integration.DataFrameTaskFailedStateIT.testForceStartFailedTransform" -Dtests.seed=C1943C2CDA756B33 -Dtests.security.manager=true -Dtests.locale=vo -Dtests.timezone=America/Monterrey -Dcompiler.java=12 -Druntime.java=11

@elasticmachine run elasticsearch-ci/2

[bizybot]

LGTM, Thank you.