Fix RoleDescriptor field annotations for Serverless (#2699)

* Fix RoleDescriptor field annotations for Serverless

* Fix

specification/security/_types/RoleDescriptor.ts

@@ -37,6 +37,7 @@ export class RoleDescriptor {
   indices?: IndicesPrivileges[]
   /**
    * An object defining global privileges. A global privilege is a form of cluster privilege that is request-aware. Support for global privileges is currently limited to the management of application privileges.
+   * @availability stack
    */
   global?: GlobalPrivilege[] | GlobalPrivilege
   /**
@@ -48,7 +49,7 @@ export class RoleDescriptor {
    */
   metadata?: Metadata
   /**
-   * A list of users that the API keys can impersonate.
+   * A list of users that the API keys can impersonate. *Note*: in Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty `run_as` field, but a non-empty list will be rejected.
    * @doc_id run-as-privilege
    */
   run_as?: string[]

specification/security/put_role/SecurityPutRoleRequest.ts

@@ -72,6 +72,10 @@ export interface Request extends RequestBase {
      * @doc_id run-as-privilege
      */
     run_as?: string[]
+    /**
+     * Optional description of the role descriptor
+     */
+    description?: string
     /**
      * Indicates roles that might be incompatible with the current cluster license, specifically roles with document and field level security. When the cluster license doesn’t allow certain features for a given role, this parameter is updated dynamically to list the incompatible features. If `enabled` is `false`, the role is ignored, but is still listed in the response from the authenticate API.
      */