Implement a small containerized OpenSearch setup

* we're going for a small single-machine setup here
* we don't include logstash/fluentd in the setup; this is off-loaded to
  other projects sending their logs to OS deployments
* configure the security plugin to use self-generated certificates, and
  create a bunch of customized internal users
* note: apparently, securityadmin's '-rev' flag doesn't do anything for
  internal_users
* instead, we need to go the good old 'sed' route to update the internal
  users