test: use toJSON inside a role

This commit adds a test that uses toJSON templating inside of a role with
an array defined in the user's metadata.

Originates from user discussion at:
https://discuss.elastic.co/t/x-pack-security-role-definition-query-template-with-terms/62790

Original commit: elastic/x-pack-elasticsearch@196f7f597c

qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/templated_role_query/10_templated_role_query.yaml

@@ -32,6 +32,17 @@ setup:
               "password": "changeme",
               "roles" : [ "file_template_role" ]
             }
+  - do:
+      xpack.security.put_user:
+        username: "terms_template_user"
+        body:  >
+            {
+              "password": "changeme",
+              "roles" : [ "terms_template_role" ],
+              "metadata": {
+                "groups": [ "inline_template_user", "file_template_user" ]
+              }
+            }
 
   - do:
       xpack.security.put_role:
@@ -53,6 +64,24 @@ setup:
               ]
             }
 
+  - do:
+      xpack.security.put_role:
+        name: "terms_template_role"
+        body:  >
+            {
+              "indices": [
+                {
+                  "names": "foobar",
+                  "privileges": ["all"],
+                  "query" : {
+                    "template" : {
+                      "inline" : "{\"terms\" : { \"username\" : {{#toJson}}_user.metadata.groups{{/toJson}} } }"
+                    }
+                  }
+                }
+              ]
+            }
+
   - do:
       xpack.security.put_role:
         name: "stored_template_role"
@@ -144,6 +173,10 @@ teardown:
       xpack.security.delete_user:
         username: "file_template_user"
         ignore: 404
+  - do:
+      xpack.security.delete_user:
+        username: "terms_template_user"
+        ignore: 404
   - do:
       xpack.security.delete_role:
         name: "inline_template_role"
@@ -156,7 +189,10 @@ teardown:
       xpack.security.delete_role:
         name: "file_template_role"
         ignore: 404
-
+  - do:
+      xpack.security.delete_role:
+        name: "terms_template_role"
+        ignore: 404
 ---
 "Test inline template":
   - do:
@@ -189,3 +225,15 @@ teardown:
         body: { "query" : { "match_all" : {} } }
   - match: { hits.total: 1}
   - match: { hits.hits.0._source.username: file_template_user}
+
+---
+"Test terms template":
+  - do:
+      headers:
+        Authorization: "Basic dGVybXNfdGVtcGxhdGVfdXNlcjpjaGFuZ2VtZQ=="
+      search:
+        index: foobar
+        body: { "query" : { "match_all" : {} } }
+  - match: { hits.total: 2}
+  - match: { hits.hits.0._source.username: inline_template_user}
+  - match: { hits.hits.1._source.username: file_template_user}