Queries are not sanitized on being sent to elasticsearch. It was ambiguous what needs to be done to safely pass an arbitrary string to read ES so I need to do more research.
browser-based tests do not run in CI, but this does set up testing infrastructure for the clj side with a fake ES backend and there are a few tests there now
right now this returns up to 10k codes and just displays them all on the page -- we might want to limit it, but that will have some UI considerations so I'm punting it for now
This closes #6, with a few caveats.