Different handling for security specific errors in the CLI. Fix for https://github.com/elastic/elasticsearch/issues/33230 (#33255)

docs/reference/sql/endpoints/cli.asciidoc

@@ -22,6 +22,15 @@ the first parameter:
 $ ./bin/elasticsearch-sql-cli https://some.server:9200
 --------------------------------------------------
 
+If security is enabled on your cluster, you can pass the username
+and password in the form `username:password@host_name:port`
+to the SQL CLI:
+
+[source,bash]
+--------------------------------------------------
+$ ./bin/elasticsearch-sql-cli https://sql_user:strongpassword@some.server:9200
+--------------------------------------------------
+
 Once the CLI is running you can use any <<sql-spec,query>> that
 Elasticsearch supports:
 

x-pack/plugin/sql/sql-cli/src/main/java/org/elasticsearch/xpack/sql/cli/Cli.java

@@ -27,6 +27,7 @@ import org.elasticsearch.xpack.sql.client.Version;
 import org.jline.terminal.TerminalBuilder;
 import java.io.IOException;
 import java.net.ConnectException;
+import java.sql.SQLInvalidAuthorizationSpecException;
 import java.util.Arrays;
 import java.util.List;
 import java.util.logging.LogManager;
@@ -139,6 +140,10 @@ public class Cli extends LoggingAwareCommand {
                 // Most likely Elasticsearch is not running
                 throw new UserException(ExitCodes.IO_ERROR,
                         "Cannot connect to the server " + con.connectionString() + " - " + ex.getCause().getMessage());
+            } else if (ex.getCause() != null && ex.getCause() instanceof SQLInvalidAuthorizationSpecException) {
+                throw new UserException(ExitCodes.NOPERM,
+                        "Cannot establish a secure connection to the server " + 
+                                con.connectionString() + " - " + ex.getCause().getMessage());
             } else {
                 // Most likely we connected to something other than Elasticsearch
                 throw new UserException(ExitCodes.DATA_ERROR,