Fixes security plugin capabilities switcher to handle opt-out and def…

…ault behaviors (#154098)

Closes #153817

## Summary

This PR implements logical checks within the security plugin's
capabilities switcher to account for features that opt out of the Kibana
security model (e.g. Enterprise Search features). It also more
explicitly handles default cases (when a feature is neither a Kibana or
ES feature), exclusions (features handled exclusively by other plugins),
and the catalogue feature (we now qualify each catalogue feature
capability). In these cases (opt-out, default, exclusion, etc.), the
capabilities switcher will ignore the capability and neither enable nor
disable it (see detailed list below).

We are now effectively ignoring only these:
- `spaces` feature ID (handled by spaces plugin capabilities switcher)
- `fileUpload` feature ID (handled by file_upload plugin capabilities
switcher)
- `catalogue` capabilities that are not 'spaces' and are not referenced
by at least one Kibana or ES feature
- `navLinks` that are not referenced by at least one Kibana feature
- Anything that is not a global settings, management, catalogue, nav
link, Kibana, or ES feature

On the flip side we always affect everything under the `management`
feature.

This PR _should_ unblock the ability to implement parallel execution of
capabilities switchers, #152982.


### Related Tests
-
x-pack/plugins/security/server/authorization/disable_ui_capabilities.test.ts
- x-pack/test/ui_capabilities/security_and_spaces/config.ts
- x-pack/test/functional/apps/home/config.ts

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>