Generate a unique enrollment ID for use as an idempotency token during enrollment

[cmacknz]

This is the agent side implementation for elastic/fleet-server#2254 where duplicate agents can be created at scale when the enrollment API request experiences an error that results in partial server side success.

The agent should generate a V4 random UUID for use as an idempotency token during enrollment to ensure that retrying enrollment does not generate duplicate agents in Fleet. The idempotency token will be supplied in the new enrollment_id parameter of the enrollment request added in elastic/fleet-server#2655.

The UUID should be written to disk, ideally it is persisted in the agent's encrypted store. The enrollment ID should be deleted after we have confirmed the enrollment has succeeded, ideally after the first Fleet checkin succeeds.

We will likely also need a flag to force regenerating the enrollment idempotency token for cases where a server side issue causes enrollment for a particular idempotency token to fail repeatedly. This could also prevent issues if someone clones a VM image where a previous enrollment attempt had already happened.

Depends on:

• Using enrollment Id in agent enroll to delete duplicate agent on failed enroll fleet-server#2655
• Validation that the new enrollment_id API parameter solves the problem in Horde scale testing.

Relates to:

• [Fleet] Solution to avoid duplicate agents #1277 which goes farther and would allow unlimited re-enrollments of the same agent. The implementation in Using enrollment Id in agent enroll to delete duplicate agent on failed enroll fleet-server#2655 would need to accomodate this as right now it takes the most secure approach of deleting any previously existing agent that has not yet checked in with the same enrollment ID and invaliding its API key.

[elasticmachine]

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)