elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

Disable `elastic` user in development #52036

Open kobelb opened 4 years ago

kobelb commented 4 years ago

Using the elastic user for development is super common. https://github.com/elastic/kibana/pull/48247 barred developers from running the Kibana server as the elastic user. However, it's still possible to log in to Kibana using the elastic user.

When running Kibana in development mode, we can automatically create a user and role before disabling the elastic user and requiring the custom user/role be used instead.

This can be further elaborated upon by allowing developers to specify their own users/roles they'd like to be created in a dotfile. The APM team has created something along these lines to automatically create the various "archetypes" they plan to manually test their application with: https://github.com/elastic/kibana/blob/f7f72cb737e03b0c5b12af7f3d89f03bc34fba31/x-pack/legacy/plugins/apm/scripts/kibana-security/setup-custom-kibana-user-role.ts

Initially, I was thinking that this could be part of `yarn run es`. However, this introduces some complexities... Ideally, we'd be using the Kibana Role Management APIs, but these aren't available until Kibana has fully started up. Additionally, APM uses a Cloud environment and doesn't use `yarn run es` at all. The other obvious candidate is to add this to `node ./scripts/kibana.js --dev`, but something about that approach feels off since we normally don't do this type of operation there.

elasticmachine commented 4 years ago

Pinging @elastic/kibana-security (Team:Security)
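
One way to sequence the setup the issue describes, as an added example that is not code from the Kibana repository or from anyone in this thread: it builds the ordered request plan (Kibana role API, then the Elasticsearch user API, then disabling `elastic` last) and refuses to disable `elastic` when no replacement user is defined. The dotfile spec shape, `buildDevSecurityPlan` and the sample values are assumptions made for illustration.

```javascript
// Added example: not Kibana code. The spec shape (what a developer dotfile
// might hold) and buildDevSecurityPlan() are hypothetical names.
// Constructed sample: one role and one user that holds it.
const sampleSpec = {
  roles: {
    dev_admin: {
      elasticsearch: { cluster: ['all'], indices: [{ names: ['*'], privileges: ['all'] }] },
      kibana: [{ base: ['all'], spaces: ['*'] }],
    },
  },
  users: { dev: { password: 'constructed-dev-password', roles: ['dev_admin'] } },
};

// Returns the ordered HTTP requests that provision the spec and then disable
// `elastic`. Pure function: it builds the plan and performs no network I/O.
function buildDevSecurityPlan(spec, { disableElastic = true } = {}) {
  const roles = spec.roles || {};
  const users = spec.users || {};
  const plan = [];
  for (const [name, body] of Object.entries(roles)) {
    // Kibana role API: only reachable once Kibana has fully started.
    const path = `/api/security/role/${encodeURIComponent(name)}`;
    plan.push({ target: 'kibana', method: 'PUT', path, body });
  }
  for (const [name, body] of Object.entries(users)) {
    if (name === 'elastic') throw new Error('spec must not redefine elastic');
    // Assumption: users may only hold roles defined in the same spec.
    const missing = (body.roles || []).filter((r) => !Object.keys(roles).includes(r));
    if (missing.length) throw new Error(`${name}: undefined roles ${missing.join(', ')}`);
    // Elasticsearch create-or-update user API.
    const path = `/_security/user/${encodeURIComponent(name)}`;
    plan.push({ target: 'elasticsearch', method: 'PUT', path, body });
  }
  if (disableElastic) {
    // Avoid a lockout: never disable elastic without a replacement user.
    if (Object.keys(users).length === 0) {
      throw new Error('no replacement user defined; refusing to disable elastic');
    }
    // Elasticsearch disable-user API; this must be the last request.
    plan.push({ target: 'elasticsearch', method: 'PUT', path: '/_security/user/elastic/_disable' });
  }
  return plan;
}
```

The plan is data only; whatever executes it has to wait for Kibana to be up before sending the `kibana` entries, which is the ordering problem the issue raises.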