Elasticsearch version (bin/elasticsearch --version): 7.13.0, probably all later versions

Plugins installed: []

JVM version (java -version): built-in

OS version (uname -a if on a Unix-like system): MacOS

Description of the problem including expected versus actual behavior:
When a system data stream exists and Security is enabled, the Get Alias API will always fail.

Steps to reproduce:

1. Start an Elasticsearch cluster with security enabled. Perform all following steps as superuser.
2. Create a system data stream:

curl -X POST -u elastic-admin:elastic-password "localhost:9200/.fleet-actions-results/_doc" -H 'Content-Type: application/json' -H 'X-elastic-product-origin: fleet' -d'{"@timestamp": 0}' | jq

3. Attempt to use the Get Aliases API, with or without any index name, e.g. GET _alias or GET _alias/auditbeat-7.13.0.
4. Observe the error response.

Note that the Get Alias API behaves as expected when security is not enabled.

Provide logs (if relevant):
The error response:

{ "error": { "root_cause": [ { "type": "illegal_argument_exception", "reason": "Data stream(s) [.fleet-actions-results] use and access is reserved for system operations" } ], "type": "illegal_argument_exception", "reason": "Data stream(s) [.fleet-actions-results] use and access is reserved for system operations" }, "status": 400 }