Check if Agent can run in unprivileged mode

[ycombinator]

Describe the enhancement:

When a user is installing Elastic Agent to run in unprivileged mode or converting a privileged mode Agent to an unprivileged mode Agent, Agent should do a best effort check to determine if there any reasons, e.g. permissions issues, that would prevent the Agent from running in unprivileged mode. If such reasons are found, they should be displayed to the user and the installation or conversion should fail.

Describe a specific use case for the enhancement or feature:

Helping users before they start running Elastic Agent in unprivileged mode understand what fixes they might need to make for Agent to successfully run in unprivileged mode.

What is the definition of done?

For every scenario that Agent checks, a test that sets up this scenario and ensures that the corresponding reason is reported by Agent.

[elasticmachine]

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)

[cmacknz]

This should happen in the Fleet UI as well eventually when the conversion is supported there correct?

Whatever solution that is chosen here needs to consider how we will inform the UI of the detected problems.

[blakerouse]

The biggest reason it would be prevented from running would be because the path from / or C:\ to the installed directory will not have the correct permissions.

An alternative solution is to add a walk of the directory path from / or C:\ to the install directory and add the needed permissions. That ensures that the user doesn't need to worry about if it will run or not, Elastic Agent can ensure it.

The question is do we want the installation to adjust the permission of the paths.