[Security Solution][Detections] Adds list plugin Saved Objects to Security feature privilege (#90895)

## Summary

Add's the list plugins Saved Objects (`exception-list` and `exception-list-agnostic`) to the `Security` feature privilege.

Resolves #90715

### Test Instructions
Load pre-packaged roles/users, and ensure only those with the Kibana Space privilege `Security:All` have the ability to create/edit rules and exception lists (space-aware/agnostic). Users with `Security:Read` should only be able to view rules/exception lists. Pre-packaged security roles should no longer be granted the `Saved Objects Management` feature privilege, and this feature privilege should no longer be required to use any of the Detections features.

To add test users:

t1_analyst (`"siem": ["read"]`):
``` bash
cd x-pack/plugins/security_solution/server/lib/detection_engine/scripts/
./roles_users/t1_analyst/post_detections_role.sh roles_users/t1_analyst/detections_role.json
./roles_users/t1_analyst/post_detections_user.sh roles_users/t1_analyst/detections_user.json
```

hunter (`"siem": ["all"]`):
``` bash
cd x-pack/plugins/security_solution/server/lib/detection_engine/scripts/
./roles_users/t1_analyst/post_detections_role.sh roles_users/hunter/detections_role.json
./roles_users/t1_analyst/post_detections_user.sh roles_users/hunter/detections_user.json
```

Note: Be sure to remove these users after testing if using a public cluster.

### Checklist

Delete any items that are not applicable to this PR.

- [X] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials -- `docs` label added, will work with @jmikell821 on doc changes
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

Author: spong

x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/detections_admin/detections_role.json

@@ -26,8 +26,7 @@
         "siem": ["all"],
         "actions": ["read"],
         "builtInAlerts": ["all"],
-        "dev_tools": ["all"],
-        "savedObjectsManagement": ["all"]
+        "dev_tools": ["all"]
       },
       "spaces": ["*"]
     }

x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/hunter/README.md

@@ -2,7 +2,6 @@ This user can CRUD rules and signals. The main difference here is the user has
 
 ```json
 "builtInAlerts": ["all"],
-"savedObjectsManagement": ["all"]
 ```
 
 privileges whereas the T1 and T2 have "read" privileges which prevents them from creating rules

x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/hunter/detections_role.json

@@ -30,8 +30,7 @@
         "ml": ["read"],
         "siem": ["all"],
         "actions": ["read"],
-        "builtInAlerts": ["all"],
-        "savedObjectsManagement": ["all"]
+        "builtInAlerts": ["all"]
       },
       "spaces": ["*"]
     }

x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/platform_engineer/detections_role.json

@@ -30,8 +30,7 @@
         "ml": ["all"],
         "siem": ["all"],
         "actions": ["all"],
-        "builtInAlerts": ["all"],
-        "savedObjectsManagement": ["all"]
+        "builtInAlerts": ["all"]
       },
       "spaces": ["*"]
     }

x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/reader/detections_role.json

@@ -24,8 +24,7 @@
         "ml": ["read"],
         "siem": ["read"],
         "actions": ["read"],
-        "builtInAlerts": ["read"],
-        "savedObjectsManagement": ["read"]
+        "builtInAlerts": ["read"]
       },
       "spaces": ["*"]
     }

x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/rule_author/detections_role.json

@@ -28,8 +28,7 @@
         "ml": ["read"],
         "siem": ["all"],
         "actions": ["read"],
-        "builtInAlerts": ["all"],
-        "savedObjectsManagement": ["all"]
+        "builtInAlerts": ["all"]
       },
       "spaces": ["*"]
     }

x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/soc_manager/detections_role.json

@@ -28,8 +28,7 @@
         "ml": ["read"],
         "siem": ["all"],
         "actions": ["all"],
-        "builtInAlerts": ["all"],
-        "savedObjectsManagement": ["all"]
+        "builtInAlerts": ["all"]
       },
       "spaces": ["*"]
     }

x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/t1_analyst/detections_role.json

@@ -21,10 +21,9 @@
     {
       "feature": {
         "ml": ["read"],
-        "siem": ["all"],
+        "siem": ["read"],
         "actions": ["read"],
-        "builtInAlerts": ["read"],
-        "savedObjectsManagement": ["read"]
+        "builtInAlerts": ["read"]
       },
       "spaces": ["*"]
     }

x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users/t2_analyst/detections_role.json

@@ -23,10 +23,9 @@
     {
       "feature": {
         "ml": ["read"],
-        "siem": ["all"],
+        "siem": ["read"],
         "actions": ["read"],
-        "builtInAlerts": ["read"],
-        "savedObjectsManagement": ["read"]
+        "builtInAlerts": ["read"]
       },
       "spaces": ["*"]
     }

x-pack/plugins/security_solution/server/plugin.ts

@@ -219,6 +219,8 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
               'cases-comments',
               'cases-configure',
               'cases-user-actions',
+              'exception-list',
+              'exception-list-agnostic',
               ...savedObjectTypes,
             ],
             read: ['config'],
@@ -243,6 +245,8 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
               'cases-comments',
               'cases-configure',
               'cases-user-actions',
+              'exception-list',
+              'exception-list-agnostic',
               ...savedObjectTypes,
             ],
           },