Security plugin configuration #43

@siegfriedweber

Description

Part of #1

Tasks

  • Decision: Configure the OpenSearch security plugin #51
  • Allow config overrides also for the plugin configuration files
    waiting for stackabletech/decisions#73
  • Update changed security config via tools/securityadmin.sh
  • Create a basic configuration for the security plugin
  • Fix admin authentication
    It's currently done via client TLS authentication by comparing the CN in the certificate. But the secret-operator hard-codes it to "CN=generated certificate for pod". OpenSearch complains that admin and node certificates must not have the same CN. See "Use more clever certificate subject" (secret-operator#617).
    Consider another PrincipalExtractor class, e.g. the SPIFFEPrincipalExtractor.
  • Add authentication support
    • HTTP Basic authentication
    • LDAP
    • JSON Web Token (not sure if required)
    • OpenID Connect (not sure if required)
  • Avoid insecure file permissions (e.g. use defaultMode in volumes and subPath for volumeMounts)
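
A pre-deployment check for the admin-authentication problem in the task list above, as an added example that is not part of the issue or of the operator's code: it flags any `plugins.security.authcz.admin_dn` entry that a `plugins.security.nodes_dn` entry also matches. The function names, every sample DN other than `CN=generated certificate for pod`, and the simplified `*`-only wildcard matching are assumptions.

```python
import re

def normalize_dn(dn):
    """Canonical form of a DN string: trimmed RDNs, upper-case attribute
    types, case-folded values. Splits on commas not preceded by a backslash."""
    parts = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        parts.append(f"{attr.strip().upper()}={value.strip().casefold()}")
    return ",".join(parts)

def _matches(pattern, dn):
    """True if dn fits pattern; '*' in pattern stands for any run of characters."""
    regex = ".*".join(re.escape(piece) for piece in pattern.split("*"))
    return re.fullmatch(regex, dn) is not None

def colliding_admin_dns(admin_dns, nodes_dns):
    """Return the admin DNs that are also matched by a node DN entry."""
    node_patterns = [normalize_dn(p) for p in nodes_dns]
    return [a for a in admin_dns
            if any(_matches(p, normalize_dn(a)) for p in node_patterns)]

# Constructed settings. BEFORE uses the subject the issue says is hard-coded,
# so admin and node certificates are indistinguishable by DN.
BEFORE = {
    "admin_dn": ["CN=generated certificate for pod"],
    "nodes_dn": ["cn=generated certificate for pod"],
}
# AFTER uses hypothetical distinct subjects for the admin and the nodes.
AFTER = {
    "admin_dn": ["CN=opensearch-admin,OU=constructed-example"],
    "nodes_dn": ["CN=*.opensearch-nodes,OU=constructed-example"],
}

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        hits = colliding_admin_dns(cfg["admin_dn"], cfg["nodes_dn"])
        print(f"{name}: admin DNs that also match a node DN: {hits or 'none'}")
```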

Projects

Status

Development: In Progress