Commit 5e74b4c

[Scout] Remove custom role deletion from the requestAuth fixture (so it is deleted just once in samlAuth) (#244462)
This PR removes the custom role deletion logic from the `requestAuth` fixture (used by Scout API tests to request an API key). Custom roles will still be deleted in the `samlAuth` fixture. We were attempting to delete the custom role in two places instead of one.

### Context

Currently, a bug in the Scout API tests causes the custom role to be deleted twice: once [in the `requestAuth` fixture](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-scout/src/playwright/fixtures/scope/worker/api_key.ts#L169-L178) and again [in the `samlAuth` fixture](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-scout/src/playwright/fixtures/scope/worker/core_fixtures.ts#L186-L198).

We should ensure the custom role is deleted only **once**, ideally within the `samlAuth` fixture, to align with the behavior in UI tests. This issue specifically affects Scout API tests that use the `requestAuth` fixture.

### How to test

First, enable `debug` Scout logs in your local environment:

```
export SCOUT_LOG_LEVEL=debug
```

Start the servers:

```
node scripts/scout.js start-server --stateful
```

In a separate terminal run some Scout API tests:

```
npx playwright test x-pack/platform/plugins/private/painless_lab/test/scout/api/tests/execute_api_custom_cluster_privileges.spec.ts --config x-pack/platform/plugins/private/painless_lab/test/scout/api/playwright.config.ts --project local
```

Notice the custom role is deleted just once:

```
Running 4 tests using 1 worker
[local] › x-pack/platform/plugins/private/painless_lab/test/scout/api/tests/execute_api_custom_cluster_privileges.spec.ts:15:12 › POST api/painless_lab/execute with specific cluster privileges › should execute a valid painless script using cluster:admin/scripts/painless/execute credentials @ess
info [scout-worker] Created API key for custom_role_worker_1 role: myTestApiKey-0-custom_role_worker_1-worker-1
[local] › x-pack/platform/plugins/private/painless_lab/test/scout/api/tests/execute_api_custom_cluster_privileges.spec.ts:38:12 › POST api/painless_lab/execute with specific cluster privileges › should execute a valid painless script using cluster:admin credentials @ess
info [scout-worker] Created API key for custom_role_worker_1 role: myTestApiKey-1-custom_role_worker_1-worker-1
[local] › x-pack/platform/plugins/private/painless_lab/test/scout/api/tests/execute_api_custom_cluster_privileges.spec.ts:60:12 › POST api/painless_lab/execute with specific cluster privileges › should return an unauthorized status code when using monitor cluster credentials @ess
info [scout-worker] Created API key for custom_role_worker_1 role: myTestApiKey-2-custom_role_worker_1-worker-1
[local] › x-pack/platform/plugins/private/painless_lab/test/scout/api/tests/execute_api_custom_cluster_privileges.spec.ts:79:12 › POST api/painless_lab/execute with specific cluster privileges › should return an unauthorized status code when using both cluster and Kibana privileges @ess
info [scout-worker] Created API key for custom_role_worker_1 role: myTestApiKey-3-custom_role_worker_1-worker-1
info [scout-worker] Invalidated API key: myTestApiKey-0-custom_role_worker_1-worker-1
info [scout-worker] Invalidated API key: myTestApiKey-1-custom_role_worker_1-worker-1
info [scout-worker] Invalidated API key: myTestApiKey-2-custom_role_worker_1-worker-1
info [scout-worker] Invalidated API key: myTestApiKey-3-custom_role_worker_1-worker-1
info [scout-worker] Deleting custom role custom_role_worker_1
info [scout-worker] Custom role 'custom_role_worker_1' deleted
4 passed (9.5s)
```

Without this change, you would see an error (because we were attempting to delete the custom role twice):

```
info [scout-worker] Deleted custom_role_worker_1 custom role
ERROR [scout-worker] Failed to delete custom role 'custom_role_worker_1' during worker cleanup: {"found":false}
4 passed (11.0s)
```

1 parent a7f8bb6 commit 5e74b4c

1 file changed

+2
-15
lines changed
  • src/platform/packages/shared/kbn-scout/src/playwright/fixtures/scope/worker

src/platform/packages/shared/kbn-scout/src/playwright/fixtures/scope/worker/api_key.ts

Lines changed: 2 additions & 15 deletions
@@ -7,7 +7,6 @@
77
* License v3.0 only", or the "Server Side Public License, v 1".
88
*/
99

10-
import type { Client } from '@elastic/elasticsearch';
1110
import { coreWorkerFixtures } from './core_fixtures';
1211
import type { ApiClientFixture } from './api_client';
1312
import type { DefaultRolesFixture } from './default_roles';
@@ -43,13 +42,11 @@ export const requestAuthFixture = coreWorkerFixtures.extend<
4342
requestAuth: RequestAuthFixture;
4443
defaultRoles: DefaultRolesFixture;
4544
apiClient: ApiClientFixture;
46-
esClient: Client;
4745
}
4846
>({
4947
requestAuth: [
50-
async ({ log, samlAuth, defaultRoles, apiClient, esClient }, use, workerInfo) => {
48+
async ({ log, samlAuth, defaultRoles, apiClient }, use, workerInfo) => {
5149
const generatedApiKeys: ApiKey[] = [];
52-
let isCustomRoleCreated = false;
5350

5451
const createApiKeyPayload = (
5552
apiKeyName: string,
@@ -148,8 +145,6 @@ export const requestAuthFixture = coreWorkerFixtures.extend<
148145
const getApiKeyForCustomRole = async (
149146
roleDescriptor: KibanaRole | ElasticsearchRoleDescriptor
150147
): Promise<RoleApiCredentials> => {
151-
isCustomRoleCreated = true;
152-
153148
await samlAuth.setCustomRole(roleDescriptor);
154149

155150
const result = await createApiKeyWithAdminCredentials(samlAuth.customRoleName, {
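Review bot: With `isCustomRoleCreated = true;` removed at old line 151, `getApiKeyForCustomRole` still creates the role through `samlAuth.setCustomRole(roleDescriptor)`, but nothing at this call site says who removes it; the only hint is the comment added at new line 164 in the teardown path. Consider a short comment above the `setCustomRole` call stating that the role's lifetime is owned by `samlAuth` and that this fixture must not delete it, so a later change does not reintroduce a second `deleteRole` call.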
@@ -166,15 +161,7 @@ export const requestAuthFixture = coreWorkerFixtures.extend<
166161
return invalidateApiKeys(generatedApiKeys);
167162
});
168163

169-
if (isCustomRoleCreated) {
170-
log.debug(`Deleting custom role with name ${samlAuth.customRoleName}`);
171-
try {
172-
await esClient.security.deleteRole({ name: samlAuth.customRoleName });
173-
log.info(`Deleted ${samlAuth.customRoleName} custom role`);
174-
} catch (error: any) {
175-
log.error(`Failed to delete custom role ${samlAuth.customRoleName}: ${error.message}`);
176-
}
177-
}
164+
// Note: the custom role will be deleted in the samlAuth fixture cleanup
178165
},
179166
{ scope: 'worker' },
180167
],
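Review bot: The comment added at new line 164 says where the role is deleted but not why the order is safe. The API keys issued for `samlAuth.customRoleName` are invalidated in this fixture's teardown (`invalidateApiKeys(generatedApiKeys)`), and the log in the commit message shows the role being deleted only after those invalidations, which holds because `requestAuth` takes `samlAuth` as a dependency. Suggest stating that dependency in the comment, and adding a test or log assertion that the role is deleted exactly once, since the patch contains no check that would catch the double deletion coming back.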
