elastic / kibana

Your window into the Elastic Stack

Home Page:https://www.elastic.co/products/kibana

Serverless Search Solution - users with insufficient privileges can access API key creation flyout

jeramysoucy opened this issue · comments

Kibana version:
Serverless Search Solution

Describe the bug:
A user without any API key privileges can still access the create API key flyout via the home landing page in the "Add an API key" section. This is not currently an issue, as all predefined roles grant access to API keys. However, once custom roles are available, roles without any API key privileges will be possible.

Steps to reproduce:

  1. Add a role without any API key privileges to the roles.yml file. Example:

```yaml
tester:
  cluster: ['read_pipeline']
  indices:
    - names:
        - '*'
      privileges:
        - 'read'
        - 'view_index_metadata'
  applications:
    - application: 'kibana-.kibana'
      privileges:
        - 'read'
      resources:
        - '*'
```

  2. Start ES and Kibana in serverless es mode using the --ssl flag
  3. Log in as a test user with the role defined in step 1
  4. Navigate to the home page and click the New button in the "Add an API key" section
  5. Give the API key a name and click the Create API Key button

Expected behavior:
The "Add an API key" section of the landing page should not be displayed to a user with no API key privileges.

Screenshots (if relevant):
(Screenshot taken 2024-03-14 at 6:57:58 PM)

Provide logs and/or server output (if relevant):

```text
[2024-03-14T19:08:38.761-04:00][ERROR][plugins.security.authentication.api-key] Failed to create API key: security_exception
        Root causes:
                security_exception: action [cluster:admin/xpack/security/api_key/create] is unauthorized for user [test_user] with effective roles [tester], this action is granted by the cluster privileges [manage_own_api_key,manage_api_key,manage_security,all]
[2024-03-14T19:08:38.761-04:00][ERROR][http] 500 Server Error
```
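The privilege gate the expected behaviour above asks for, as an added example that is not Kibana's own code. It takes the list of granting cluster privileges straight from the security_exception in the log (manage_own_api_key, manage_api_key, manage_security, all), evaluates them against the shape of an Elasticsearch `POST /_security/user/_has_privileges` response, and uses the same decision both to hide the "Add an API key" section and to refuse the create call server-side. The `HasPrivilegesResponse` interface, the sample responses, and `createApiKeyHandler` are assumptions constructed for the example, not real server output or a Kibana route.

```typescript
// Added example, not Kibana's own code: gate the "Add an API key" UI on the
// cluster privileges that actually grant the create-API-key action.
// The privilege list is taken from the security_exception in the issue log:
// cluster:admin/xpack/security/api_key/create is granted by any of
// manage_own_api_key, manage_api_key, manage_security, all.

const API_KEY_CREATE_PRIVILEGES = [
  'manage_own_api_key',
  'manage_api_key',
  'manage_security',
  'all',
] as const;

type ApiKeyCreatePrivilege = (typeof API_KEY_CREATE_PRIVILEGES)[number];

// Subset of the response from POST /_security/user/_has_privileges that this
// check needs (assumed shape, reduced to the fields used here).
interface HasPrivilegesResponse {
  username: string;
  has_all_requested: boolean;
  cluster: Partial<Record<string, boolean>>;
}

// Request body for POST /_security/user/_has_privileges, so the response
// covers exactly the privileges the UI decision depends on.
function apiKeyPrivilegesRequest(): { cluster: ApiKeyCreatePrivilege[] } {
  return { cluster: [...API_KEY_CREATE_PRIVILEGES] };
}

// True if ANY of the granting privileges is held. has_all_requested is the
// wrong field for this decision: it would demand all four privileges at once.
function canCreateApiKey(resp: HasPrivilegesResponse): boolean {
  return API_KEY_CREATE_PRIVILEGES.some((p) => resp.cluster[p] === true);
}

// Landing-page decision from the issue's expected behaviour: render the
// "Add an API key" section only for users who can actually create one.
function shouldShowAddApiKeySection(resp: HasPrivilegesResponse): boolean {
  return canCreateApiKey(resp);
}

// Hypothetical server-side counterpart (not a Kibana route): refuse before
// calling Elasticsearch, so a user who reaches the flyout anyway gets a 403
// instead of the 500 recorded in the issue log.
function createApiKeyHandler(
  resp: HasPrivilegesResponse,
  name: string
): { status: number; body: string } {
  if (!canCreateApiKey(resp)) {
    return { status: 403, body: `user [${resp.username}] may not create API keys` };
  }
  return { status: 200, body: `would create API key [${name}] for [${resp.username}]` };
}

// Constructed sample responses (not real server output). The first mirrors the
// "tester" role from the issue, whose only cluster privilege is read_pipeline.
const testerResponse: HasPrivilegesResponse = {
  username: 'test_user',
  has_all_requested: false,
  cluster: { manage_own_api_key: false, manage_api_key: false, manage_security: false, all: false },
};

// A user holding only manage_own_api_key: enough to see the section and create a key.
const ownKeyUserResponse: HasPrivilegesResponse = {
  username: 'dev_user',
  has_all_requested: false,
  cluster: { manage_own_api_key: true, manage_api_key: false, manage_security: false, all: false },
};

console.log('tester sees section:', shouldShowAddApiKeySection(testerResponse));
console.log('dev_user sees section:', shouldShowAddApiKeySection(ownKeyUserResponse));
console.log('tester create:', createApiKeyHandler(testerResponse, 'demo'));
```

Hiding the section is a usability fix, not a security boundary: the authorization decision still has to be made on the server, which is why the same predicate drives both the render check and the handler.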