Usage of certificates generated from an external CA

[redgryphon]

In some environments there could be an entire CA built into the organization's network. There is no way to tell to the various components that they have to interact using secure channels and not bother the generation of the certificates or the specification of the CA since that would already be present into the OS root CAs.

The proposal is to rearrange the code and the usage of variables like generate_CA and filebeat_xpack_security to allow this choice and to make it easier to understand.