[META] Document fine-grained access control permissions needed for each client call

[Jon-AtAWS]

This is a generic comment, across clients.

I often stumble when trying to make API calls, to understand the needed permissions under fine-grained access control. The problem is made somewhat worse, and somewhat better, with action groups. Mapping the action groups to what they actually do is made easier by this page https://opensearch.org/docs/latest/security/access-control/default-action-groups/. But even that doesn't go all the way, since I don't know what API calls are under the client calls.

For each client, and each API, can we document the permissions (not the action group) required to execute that API.

If we can add comments to the individual clients' methods, we should be able to auto-generate this documentation. Either way, we need to put the information somewhere.