A lot of this work has already been done in the security-admin-script branch. However, it has been a rabbit hole that has been holding us back for too long in releasing this feature, which is currently only needed by one customer for a staging environment.
Documenting some lessons learned during this experience:
- We need to use the cached providers version (specifically, this was an issue with the old TLS provider) so that things work in xo.
- The Java file-reading permissions check (used in checking permissions on TLS certs) does not follow symlinks, which caused a CrashLoopBackOff where OpenSearch crashes trying to read the TLS key / cert from the secret mount, because Kubernetes sets these up with a symlink. So far, attempts to modify permissions with an init container or defaultMode have proved not to work.
- When setting Helm values for opensearch.yml or internal_users.yml, you must also specify extraEnvs for DISABLE_INSTALL_DEMO_CONFIG="true" in order for these to actually be respected.
- Internal users' passwords must be hashed using bcrypt with 12 rounds (there is a Terraform function for this).
Note the bulk of the problems here are described in these issues:
- opensearch-project/helm-charts#87
- opensearch-project/helm-charts#115
- opensearch-project/helm-charts#161
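The symlink lesson above can be reproduced locally. This is an added example, not code from the issue or from OpenSearch: it rebuilds the symlinked layout Kubernetes uses for a Secret volume in a temp directory and compares a mode check that reads the link itself with one that follows it. The `check` function, the `0o600` threshold and the timestamped directory name are assumptions made for illustration.

```python
import os
import stat
import tempfile


def build_secret_mount(root, key="tls.key", mode=0o600):
    """Recreate the Secret volume layout: key -> ..data/key, ..data -> ..<timestamp>/."""
    versioned = os.path.join(root, "..2024_01_01_00_00_00.000000001")  # constructed name
    os.mkdir(versioned)
    real = os.path.join(versioned, key)
    with open(real, "w") as fh:
        fh.write("constructed placeholder, not a real key\n")
    os.chmod(real, mode)  # the bits that defaultMode controls
    os.symlink(os.path.basename(versioned), os.path.join(root, "..data"))
    os.symlink(os.path.join("..data", key), os.path.join(root, key))
    return os.path.join(root, key)  # the path the application is configured with


def mode_of(path, follow_symlinks):
    """Return (permission bits, is_symlink) as seen by stat or lstat."""
    st = os.stat(path, follow_symlinks=follow_symlinks)
    return stat.S_IMODE(st.st_mode), stat.S_ISLNK(st.st_mode)


def check(path, follow_symlinks, allowed=0o600):
    """Hypothetical strict check: fail if any bit outside `allowed` is set."""
    mode, _ = mode_of(path, follow_symlinks)
    return (mode & ~allowed) == 0


def demo(file_mode=0o600):
    with tempfile.TemporaryDirectory() as root:
        path = build_secret_mount(root, mode=file_mode)
        return {
            "link_mode": mode_of(path, False),    # what a no-follow check sees
            "target_mode": mode_of(path, True),   # what the real file has
            "nofollow_ok": check(path, False),
            "follow_ok": check(path, True),
        }


if __name__ == "__main__":
    for m in (0o600, 0o400):
        print(oct(m), demo(m))
```

Tightening the target file's mode changes only `target_mode`; the link's own mode stays permissive, so a check that does not follow the link keeps failing.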