helix-collective / hx-terraform


Feature/add es encryption #95

Closed jcalderin closed 2 years ago

jcalderin commented 2 years ago

Add options to configure the encryption settings of the ES (Elasticsearch) domain.

Plan example

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # aws_elasticsearch_domain.plp_logging-domain must be replaced
-/+ resource "aws_elasticsearch_domain" "plp_logging-domain" {
      ~ access_policies       = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Action    = "es:*" -> [
                          + "es:*",
                        ]
                      ~ Principal = {
                          ~ AWS = "arn:aws:iam::326412704776:root" -> [
                              + "326412704776",
                            ]
                        }
                        # (2 unchanged elements hidden)
                    },
                ]
                # (1 unchanged element hidden)
            }
        )
      ~ advanced_options      = {
          - "override_main_response_version"         = "false"
          - "rest.action.multi.allow_explicit_index" = "true"
        } -> (known after apply)
      ~ arn                   = "arn:aws:es:ap-southeast-2:326412704776:domain/neara-logs" -> (known after apply)
      ~ domain_id             = "326412704776/neara-logs" -> (known after apply)
      ~ endpoint              = "search-neara-logs-drnh5edofz44y3xnckwtzxgjre.ap-southeast-2.es.amazonaws.com" -> (known after apply)
      ~ id                    = "arn:aws:es:ap-southeast-2:326412704776:domain/neara-logs" -> (known after apply)
      ~ kibana_endpoint       = "search-neara-logs-drnh5edofz44y3xnckwtzxgjre.ap-southeast-2.es.amazonaws.com/_plugin/kibana/" -> (known after apply)
        tags                  = {
            "cost-center"  = "plp"
            "tf-stack"     = "hxshared"
            "tf-subsystem" = "plp"
        }
        # (3 unchanged attributes hidden)

      ~ advanced_security_options {
          ~ enabled                        = false -> (known after apply)
          ~ internal_user_database_enabled = false -> (known after apply)

          + master_user_options {
              + master_user_arn      = (known after apply)
              + master_user_name     = (known after apply)
              + master_user_password = (sensitive value)
            }
        }

      ~ cluster_config {
          - warm_count               = 0 -> null
          - warm_enabled             = false -> null
          - zone_awareness_enabled   = false -> null
            # (5 unchanged attributes hidden)
        }

      - cognito_options {
          - enabled = false -> null
        }

      ~ domain_endpoint_options {
          ~ enforce_https           = false -> true
          ~ tls_security_policy     = "Policy-Min-TLS-1-0-2019-07" -> (known after apply)
            # (1 unchanged attribute hidden)
        }

      ~ ebs_options {
          - iops        = 0 -> null
            # (3 unchanged attributes hidden)
        }

      ~ encrypt_at_rest {
          ~ enabled    = false -> true # forces replacement
          + kms_key_id = (known after apply)
        }

      ~ node_to_node_encryption {
          ~ enabled = false -> true # forces replacement
        }

        # (1 unchanged block hidden)
    }
jcalderin commented 2 years ago

OK, it should be good now :)