[UII] Restrict input types allowed for agentless integrations

[jen-huang]

When integrations are hosted and managed using the agentless deployment_mode (supports_agentless: false on the integration policy object), some special security handling is invoked. From a security perspective, we treat the deployment as if it could run arbitrary malicious code and be controlled by the user. Its network is isolated, ingress is disallowed and only specific egress is allowed.

This means that many inputs won't be user-useable. These inputs include tcp, udp, winlog, http endpoint, and filestream. We need to disable and hide these inputs from being configured in agentless mode.

• Create a blocklist constant for disallowed agentless input types: tcp, udp, winlog, http_endpoint, filestream
• In the policy editor, when Setup technology is set to Agentless:
  • Hide the rendering of configuration for inputs that have type matching the blocklist
  • Ensure that these inputs are set to enabled: false
• At the API level, throw an error if attempting to enable a disallowed input type

[elasticmachine]

Pinging @elastic/fleet (Team:Fleet)