Add note about reduced ES permissions with prefixes

[mjankowski]

Background: https://github.com/mastodon/mastodon/issues/36832#issue-3612817481

Related: https://github.com/mastodon/documentation/issues/962#issuecomment-3533076954

On of those comments requested that we make a prefix recommendation the default. This stops short of that and just describes the relevance and possible utility of locking down access here.

(I think this is directionally correct and useful, but am not an ES expert, would love a head nod from someone with configuration expertise in this area...)

[Wild1145]

It looks good, the only thing I'm not 100% sure on is the exact behaviour of ES_PREFIX.

In your example I'm not 100% sure if setting ES_PREFIX: "app_prefix" would mean that "names": ["app_prefix_*"] would work unless Mastodon is adding that additional _ at the end of the prefix and before the name of the index itself, in any case though even if it does changing it to "names": ["app_prefix*"] would still match.

As a potential expansion of scope of this PR (So feel free to say no) it might be worth adding ES_PREFIX as a commented out field in the configuration, right now we do the same for the ES_USER and ES_PASS variables but there's nowhere on the page other than what this PR adds that even references the fact ES_PREFIX exists as a variable that an admin can configure.

[mjankowski]

Yes, I believe when you set a prefix of app_prefix, you wind up with index names like app_prefix_index_name -- but I'm 99% sure that the prefix gets separated from the index names by an underscore by chewy (ES client lib), not by the mastodon app.

Agreed that adding it commented out (especially if we want to make that a default recommendation) makes sense. Will do as follow up if this is reviewed/merged.