Secure Kibana by default

[martinb3]

Kibana will point at localhost for elasticsearch, but it needs full access to the RESTful http endpoint of elasticsearch. This can be a major security issue if wide open, so we need to figure out a nice default way to keep this closed off but still usable when requested. Maybe SSL+basic auth?