Allow finer-grained configuration of Elasticsearch authentication

We currently only support username/password, but other services may require more sophisticated authentication methods.

Our options :

• Provide more fine-grained configuration settings, covering a larger set of generic authentication methods. We could use external projects such as https://jclouds.apache.org/ (if it does support AWS authentication)

• Add an SPI hook to customize the Apache HTTP client, and provide users with an AWS-specific module adding AWS-specific configuration settings (see https://aws.amazon.com/blogs/security/how-to-control-access-to-your-amazon-elasticsearch-service-domain/)

• Add a programmatic API allowing users to customize the Apache HTTP client.

I suspect the ideal solution would be to provide a mix of the above, but we'll have to discuss that.