fixed plugins unknown setting and disabled_rest_categories

[ThyTran1402]

Description

• Fixed: Audit log NONE sentinel value not respected in dynamic configuration, and misleading "unknown setting" error for ignore_users
• New behavior:
  AuditCategory.parse() now treats a single "NONE" value (case-insensitive) as an empty set, consistent with the existing behavior in the static opensearch.yml path. This fixes disabled_rest_categories and disabled_transport_categories for both config paths.
  Filter.from(Map) (the dynamic/REST path) now applies the same "NONE" → empty set conversion for ignore_users that fromSettingStringSet() already applied for the static path.
  The correct key for opensearch.yml is plugins.security.audit.config.ignore_users (note the .config. segment); using the wrong key plugins.security.audit.ignore_users is a documentation/usage issue — no code change required

Issues Resolved

• Audit log setting parameters not working #2673

Testing

• Added testNoneViaMap() unit test to AuditConfigFilterTest covering the previously untested Filter.from(Map) code path, verifying that "NONE", "None", and "none" all correctly clear disabled categories and ignored users when set via the REST API.
• Existing testNone() test continues to cover the static opensearch.yml path.

Check List

• New functionality includes testing
• New functionality has been documented
• New Roles/Permissions have a corresponding security dashboards plugin PR
• API changes companion pull request created
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[cwperks]

TY for this PR @ThyTran1402 can you please fix the CHANGELOG conflict error?

[cwperks]

Otherwise this PR LGTM! 🚢

[ThyTran1402]

TY for this PR @ThyTran1402 can you please fix the CHANGELOG conflict error?

Yup. I already fixed the changelog merge conflict 😃. Thank you for reviewing the PR.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 73.93%. Comparing base (2b86187) to head (7f1048c).
⚠️ Report is 5 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6021      +/-   ##
==========================================
+ Coverage   73.88%   73.93%   +0.04%     
==========================================
  Files         440      440              
  Lines       27229    27265      +36     
  Branches     4044     4055      +11     
==========================================
+ Hits        20119    20159      +40     
+ Misses       5199     5193       -6     
- Partials     1911     1913       +2     

Files with missing lines	Coverage Δ
...ensearch/security/auditlog/config/AuditConfig.java	97.16% <100.00%> (+0.04%)	⬆️
...ensearch/security/auditlog/impl/AuditCategory.java	100.00% <100.00%> (ø)

... and 8 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[DarshitChanpura]

thank you for this contribution @ThyTran1402

[DarshitChanpura]

why not filter out NONE from rawIngoredUsers?

[ThyTran1402]

hmmm I think NONE is the sentinel config value, not actual username. It means don't ignore any users. So, rawIngoredUsers holds exactly what's in the config, keeping the input separate from the output logic. If we filtered it, we could lose the information that the user explicitly configured rather than just providing an empty list.

[ThyTran1402]

So, NONE is like special handling not regular filter.