
[CI] Add demo certificates to the packages #183

Open
Tracked by #485
AlexRuiz7 opened this issue Mar 7, 2024 · 5 comments
Labels: level/task (Task issue), request/operational (Operational requests), type/enhancement (Enhancement issue)

Comments

@AlexRuiz7
Member

AlexRuiz7 commented Mar 7, 2024

Description

In order to improve the user experience deploying wazuh-indexer, we will add demo certificates to the packages, so the application can be started out of the box without further configuration.

This will also make our development and testing easier.

Implementation restrictions

  • The certificates will be deployed to the expected path (see opensearch.yml).
  • The expiration date of the certificates will be as far in time as possible (about 10 years from now).
@AlexRuiz7 added the level/task, request/operational and type/enhancement labels Mar 7, 2024
@wazuhci wazuhci moved this to Backlog in Release 5.0.0 Nov 11, 2024
@wazuhci wazuhci moved this from Backlog to In progress in Release 5.0.0 Nov 11, 2024
@QU3B1M
Member

QU3B1M commented Nov 11, 2024

The OpenSearch solution is more complex than the scope we are aiming for with this issue. In their solution, demo certificates are configured by the security plugin's tool Installer. While we don't intend to code a similar implementation, we might be able to leverage that plugin and use it in the wazuh-indexer.

@QU3B1M
Member

QU3B1M commented Nov 12, 2024

A potential solution has been developed and is currently undergoing testing (PR #548). It involves adding an install-demo-certificates.sh script that generates and configures the certificates in the default directory (/etc/wazuh-indexer/certs). This script will be triggered during the post-install stage of the package installation, but only if the default certificates directory does not exist and the script is available.

@wazuhci wazuhci moved this from In progress to Pending review in Release 5.0.0 Nov 13, 2024
@wazuhci wazuhci moved this from Pending review to In progress in Release 5.0.0 Nov 13, 2024
@wazuhci wazuhci moved this from In progress to Pending review in Release 5.0.0 Nov 13, 2024
@wazuhci wazuhci moved this from Pending review to In final review in Release 5.0.0 Nov 15, 2024
@wazuhci wazuhci moved this from In final review to On hold in Release 5.0.0 Nov 15, 2024
@f-galland f-galland self-assigned this Nov 15, 2024
@wazuhci wazuhci moved this from On hold to In progress in Release 5.0.0 Nov 19, 2024
@f-galland
Member

OpenSearch's docker compose environments seem not to use SSL for inter-node communication by default:

$ grep OPENSEARCH_HOSTS compose.yml 
      - 'OPENSEARCH_HOSTS=["http://opensearch-node1:9200","http://opensearch-node2:9200"]'

@f-galland
Member

It looks like they encourage manual certificate setup through the use of volumes in cases where a secure dockerized environment is required:

@f-galland
Member

In order to allow the usage of the same certificate for multiple nodes in a cluster, a multi-domain wildcard certificate needs to be generated.
These cannot affect a TLD, as various agent implementations will reject them.
My solution was to generate certificates for *.wazuh.indexer with the intention of using the leftmost level to hold the name of the node (i.e. node-1.wazuh.indexer, node-2.wazuh.indexer, etc.).

# Assumed for this excerpt: TMP_DIR is the working directory and the root CA
# was generated earlier in the script (that section was not posted here).
TMP_DIR="${TMP_DIR:-$(mktemp -d)}"
if [ ! -f "$TMP_DIR/root-ca.pem" ]; then
  openssl genrsa -out "$TMP_DIR/root-ca-key-temp.pem" 2048
  openssl req -new -x509 -sha256 -key "$TMP_DIR/root-ca-key-temp.pem" -subj "/C=US/L=California/O=Wazuh/OU=Wazuh/CN=root-ca" -days 3650 -out "$TMP_DIR/root-ca.pem"
fi

# Node cert
openssl genrsa -out "$TMP_DIR/indexer-key-temp.pem" 2048
# Convert to PKCS#8 (unencrypted; -v1 has no effect together with -nocrypt)
openssl pkcs8 -inform PEM -outform PEM -in "$TMP_DIR/indexer-key-temp.pem" -topk8 -nocrypt -v1 PBE-SHA1-3DES -out "$TMP_DIR/indexer-key.pem"
openssl req -new -key "$TMP_DIR/indexer-key.pem" -subj "/C=US/L=California/O=Wazuh/OU=Wazuh/CN=node-0.wazuh.indexer" -out "$TMP_DIR/indexer.csr"

# SAN extension: one wildcard level under wazuh.indexer holds the node name
cat <<'INDEXER_EXT' > "$TMP_DIR/indexer.ext"
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = *.wazuh.indexer
RID.1 = 1.2.3.4.5
IP.1 = 127.0.0.1
IP.2 = 0:0:0:0:0:0:0:1
INDEXER_EXT

# Sign the CSR with the root CA; 3650 days is the ~10-year validity the issue asks for
openssl x509 -req -in "$TMP_DIR/indexer.csr" -CA "$TMP_DIR/root-ca.pem" -CAkey "$TMP_DIR/root-ca-key-temp.pem" -CAcreateserial -sha256 -out "$TMP_DIR/indexer.pem" -days 3650 -extfile "$TMP_DIR/indexer.ext"
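The wildcard rule described in this comment (the leftmost label holds the node name, and a wildcard must never sit at TLD level) is exactly what TLS clients enforce when they compare a hostname against a certificate's SAN list. The following is an added example, not code from this issue or from wazuh-indexer: a standard-library Python matcher that applies those rules to a SAN list constructed to mirror the alt_names section above, so you can check which names a *.wazuh.indexer certificate will and will not be accepted for before the package ships it. The SAN list and the hostnames are constructed test data, and the function names are my own.

```python
import ipaddress

# Constructed SAN list mirroring the alt_names section of indexer.ext in this
# issue (RID entries play no part in hostname matching and are omitted).
DEMO_SANS = [
    ("DNS", "localhost"),
    ("DNS", "*.wazuh.indexer"),
    ("IP", "127.0.0.1"),
    ("IP", "0:0:0:0:0:0:0:1"),
]


def match_dns_san(pattern: str, hostname: str) -> bool:
    """Return True if a DNS SAN entry covers hostname.

    Rules applied (the strict subset most TLS clients enforce):
      - comparison is case-insensitive and ignores a trailing dot;
      - a wildcard is honoured only as the whole leftmost label
        ("*.example.org", not "node-*.example.org" or "*.*.example.org");
      - the wildcard stands for exactly one label, so "*.wazuh.indexer"
        covers "node-1.wazuh.indexer" but not "wazuh.indexer" or
        "a.b.wazuh.indexer";
      - at least two labels must follow the wildcard, so a TLD-level
        wildcard such as "*.indexer" never matches.
    """
    p = pattern.lower().rstrip(".")
    h = hostname.lower().rstrip(".")
    if "*" not in p:
        return p == h
    p_labels = p.split(".")
    h_labels = h.split(".")
    # Wildcard must be the whole leftmost label and appear nowhere else.
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    # Refuse TLD-level wildcards ("*.indexer") and a bare "*".
    if len(p_labels) < 3:
        return False
    # The wildcard stands for exactly one non-empty, literal label.
    if len(h_labels) != len(p_labels) or not h_labels[0] or "*" in h_labels[0]:
        return False
    return h_labels[1:] == p_labels[1:]


def match_ip_san(pattern: str, host: str) -> bool:
    """IP SANs compare as parsed addresses, so 0:0:0:0:0:0:0:1 equals ::1."""
    try:
        return ipaddress.ip_address(pattern) == ipaddress.ip_address(host)
    except ValueError:
        return False


def cert_matches_host(sans, host):
    """Return the (type, value) SAN entry that covers host, or None.

    A literal IP is matched only against IP entries and a DNS name only
    against DNS entries, as TLS clients do; the Common Name is ignored.
    """
    try:
        ipaddress.ip_address(host)
        host_is_ip = True
    except ValueError:
        host_is_ip = False
    for kind, value in sans:
        if kind == "IP" and host_is_ip and match_ip_san(value, host):
            return (kind, value)
        if kind == "DNS" and not host_is_ip and match_dns_san(value, host):
            return (kind, value)
    return None


if __name__ == "__main__":
    # Constructed sample names: the first and the last three illustrate the
    # boundaries of what the demo certificate is valid for.
    for name in ["node-1.wazuh.indexer", "localhost", "::1",
                 "wazuh.indexer", "a.node-1.wazuh.indexer", "10.0.0.5"]:
        print(f"{name:26s} -> {cert_matches_host(DEMO_SANS, name)}")
```

The matcher deliberately refuses `*.indexer` and `node-*.wazuh.indexer`, so running it against a candidate SAN list before packaging catches a wildcard that OpenSSL would happily sign but that agents and browsers would then reject.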

@wazuhci wazuhci moved this from In progress to Pending review in Release 5.0.0 Nov 20, 2024
@wazuhci wazuhci moved this from Pending review to On hold in Release 5.0.0 Nov 21, 2024
Projects
Status: On hold

3 participants