Fix plaintext on TLS port logging (#45852)

Today, if a non-TLS record is received on a TLS port, a generic exception is
logged with a stack trace.
The SSLExceptionHelper.isNotSslRecordException method does not work because
it assumes that NotSslRecordException is the top-level exception.
This commit addresses the issue, and the log message is now more concise.

(cherry picked from commit 6b83527bf0c23d4d5b97fab7f290c43432945d4f)
Andrey Ershov 2019-08-26 12:17:28 +02:00
parent 2bee27dd54
commit 479ab9b8db
2 changed files with 3 additions and 7 deletions


@ -17,7 +17,8 @@ public class SSLExceptionHelper {
}
public static boolean isNotSslRecordException(Throwable e) {
return e instanceof NotSslRecordException && e.getCause() == null;
return e instanceof DecoderException &&
e.getCause() instanceof NotSslRecordException;
}
public static boolean isCloseDuringHandshakeException(Throwable e) {
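Review bot: The new check in isNotSslRecordException matches only a NotSslRecordException wrapped exactly once in a DecoderException, so the top-level form that the old line accepted, or a more deeply nested one, no longer matches. In that case the caller in SecurityTransportExceptionHandler would presumably fall through to the generic branch and log a stack trace instead of the plaintext-on-TLS warning that operators look for. If both shapes can reach this helper, accept either: `return e instanceof NotSslRecordException || (e instanceof DecoderException && e.getCause() instanceof NotSslRecordException);`. A short comment such as `// the decoder is expected to wrap NotSslRecordException in a DecoderException before it reaches the handler` would record why the wrapper is checked; confirm this against the Netty version in use. The class body continues outside the hunk.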


@ -30,12 +30,7 @@ public final class SecurityTransportExceptionHandler implements BiConsumer<TcpCh
// just close and ignore - we are already stopped and just need to make sure we release all resources
CloseableChannel.closeChannel(channel);
} else if (SSLExceptionHelper.isNotSslRecordException(e)) {
if (logger.isTraceEnabled()) {
logger.trace(
new ParameterizedMessage("received plaintext traffic on an encrypted channel, closing connection {}", channel), e);
} else {
logger.warn("received plaintext traffic on an encrypted channel, closing connection {}", channel);
}
CloseableChannel.closeChannel(channel);
} else if (SSLExceptionHelper.isCloseDuringHandshakeException(e)) {
if (logger.isTraceEnabled()) {