An audit of all defaults/ and vars/ files across the collection found dead variables, missing defaults, naming inconsistencies, and sentinel values in the wrong location. None of these are breaking, but they make the collection harder to use and maintain.
Dead defaults that should be removed:
- `kibana_tls_cert` and `kibana_tls_key` — defined in `kibana/defaults/main.yml` but never referenced in any task or template. Legacy leftovers from before the external cert system.
- `elasticstack_globals_set` — set in the shared role, never checked anywhere. Vestigial.
- `elasticsearch_http_protocol: http` — always overwritten by set_fact to "https" when security is enabled (the default).
Variables used in tasks/templates but missing from defaults:
- `elasticsearch_extra_config`, `elasticsearch_fs_repo` — widely used in molecule and guarded in templates, but absent from defaults. Should be `{}` and `[]` respectively.
- `kibana_extra_config`, `beats_fields`, `beats_filebeat_modules` — same pattern.
- `logstash_pipeline_unsafe_shutdown`, `logstash_skip_root_check` — used with `| default(false)` guards but undeclared.
- `elasticstack_cert_pass` — referenced in ES and Kibana main.yml but completely undocumented.
- `elasticstack_version` — used everywhere for pinned-version installs, never declared in any defaults file.
Sentinel values that belong in vars/, not defaults/:
- `elasticsearch_freshstart`, `elasticsearch_freshstart_security`, `kibana_freshstart`, `logstash_freshstart` — pre-populated `{changed: false}` dicts that exist only to prevent handler errors on first run. Users must never set them. Should be in vars/ with underscore prefix to signal they are internal.
Naming inconsistencies:
- `_pw` vs `_pass` vs `_passphrase` — used interchangeably across security variables (`elasticsearch_bootstrap_pw`, `elasticstack_ca_pass`, `elasticsearch_tls_key_passphrase`).
- `logstash_role_indicies_names` — "indicies" is a typo for "indices". This is a public API variable so renaming is breaking, but worth noting.
- Cert directory: `beats_ca_dir` (set_fact), `logstash_certs_dir` (default), hardcoded `/etc/elasticsearch/certs` and `/etc/kibana/certs` — no `elasticsearch_certs_dir` or `kibana_certs_dir` variables exist.
- `logstash_security` is not in defaults; the internal `_logstash_security` alias is opaque to users.
Security flag inconsistency — `elasticsearch_security` ignores `elasticstack_security` entirely. Setting `elasticstack_security: false` at the stack level does not turn off ES security. Beats properly propagates from `elasticstack_security`; ES and Kibana don't.
Cert variable duplication — `xxx_cert_expiration_buffer: 30`, `xxx_cert_validity_period: 1095`, `xxx_cert_will_expire_soon: false` are defined identically in all four roles. Could consolidate to shared defaults with per-role overrides only where needed.
Fragile computed defaults — `beats_tls_key`, `beats_tls_cert`, `beats_tls_cacert` reference `beats_ca_dir` in defaults, but `beats_ca_dir` has no default — it is set only via set_fact at runtime.
Commented-out defaults in logstash — 10+ variables (`logstash_dead_letter_queue_enable`, `logstash_monitoring_enabled`, `logstash_http_host`, etc.) are documented as comments in defaults but not actually defined. Templates guard them with `is defined`. Users scanning defaults get no indication these variables exist. They should either be defined with explicit empty/false values, or documented separately.
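The findings above (dead defaults, variables used but never declared, computed defaults that depend on a runtime-only variable, and commented-out keys that templates guard with `is defined`) are all things a static check can catch before they land. The script below is an added example, not code from this issue or from the collection: it runs the four checks over a constructed in-memory role tree (`ROLE_FILES`) that mirrors the patterns described in the report, recognises role variables by the assumed prefixes in `VAR_PREFIXES`, and uses only the standard library, so defaults are scanned with a regex for top-level `key: value` lines rather than a full YAML parser. Point it at a real checkout by replacing `ROLE_FILES` with a `path -> file text` mapping built from `defaults/`, `vars/`, `tasks/` and `templates/`.

```python
"""Static audit of Ansible role defaults against tasks and templates (added example)."""
import re

# Assumed role-variable prefixes; a real run would derive these from the role names.
VAR_PREFIXES = ("elasticsearch_", "kibana_", "beats_", "logstash_", "elasticstack_")
PREFIX_ALT = "|".join(re.escape(p) for p in VAR_PREFIXES)

IDENT_RE = re.compile(r"\b(?:%s)\w*" % PREFIX_ALT)                  # any prefixed variable name
KEY_RE = re.compile(r"^([A-Za-z_]\w*):[ \t]*(.*)$", re.M)           # top-level `key: value`
COMMENTED_KEY_RE = re.compile(r"^#[ \t]*([A-Za-z_]\w*):", re.M)     # `# key: value` (documented only)
ASSIGN_RE = re.compile(r"^[ \t]+((?:%s)\w*):" % PREFIX_ALT, re.M)   # indented assignment in tasks (set_fact etc.)

# Constructed sample role tree; the paths and contents are made up for this example.
ROLE_FILES = {
    "kibana/defaults/main.yml": (
        "kibana_tls_cert: /etc/kibana/certs/kibana.crt\n"   # defined, never referenced
        "kibana_tls_key: /etc/kibana/certs/kibana.key\n"    # defined, never referenced
        "kibana_security: true\n"
        "# kibana_http_host: 0.0.0.0\n"                     # documented as a comment only
    ),
    "kibana/tasks/main.yml": (
        "- name: Write config\n"
        "  template:\n    src: kibana.yml.j2\n    dest: /etc/kibana/kibana.yml\n"
        "  when: kibana_security | bool\n"
        "- set_fact:\n    kibana_ca_dir: /etc/kibana/certs\n"
    ),
    "kibana/templates/kibana.yml.j2": (
        "{% if kibana_http_host is defined %}server.host: {{ kibana_http_host }}{% endif %}\n"
        "{% for k, v in kibana_extra_config.items() %}{{ k }}: {{ v }}\n{% endfor %}\n"
        "ca: {{ kibana_ca_dir }}/ca.crt\n"
    ),
    "beats/defaults/main.yml": (
        'beats_tls_key: "{{ beats_ca_dir }}/beats.key"\n'   # computed from a runtime-only variable
    ),
    "beats/tasks/main.yml": "- set_fact:\n    beats_ca_dir: /etc/beats/certs\n",
    "beats/templates/filebeat.yml.j2": "ssl.key: {{ beats_tls_key }}\n",
}


def audit(files):
    """Return the four finding lists for a {path: text} mapping of role files."""
    defined, commented, runtime, referenced = set(), set(), set(), set()
    default_value_refs = {}  # default key -> variables its value interpolates

    for path, text in files.items():
        if "/defaults/" in path or "/vars/" in path:
            for key, value in KEY_RE.findall(text):
                defined.add(key)
                refs = set(IDENT_RE.findall(value))
                if refs:
                    default_value_refs[key] = refs
            commented.update(COMMENTED_KEY_RE.findall(text))
        elif "/tasks/" in path:
            runtime.update(ASSIGN_RE.findall(text))   # set_fact-style runtime definitions
            referenced.update(IDENT_RE.findall(text))
        elif "/templates/" in path:
            referenced.update(IDENT_RE.findall(text))

    # A default counts as used if a task, a template, or another default's value names it.
    used_anywhere = referenced | {r for refs in default_value_refs.values() for r in refs}
    declared_somehow = defined | commented | runtime

    return {
        "dead_defaults": sorted(k for k in defined if k not in used_anywhere),
        "missing_defaults": sorted(v for v in referenced if v not in declared_somehow),
        "computed_from_undeclared": sorted(
            (key, ref) for key, refs in default_value_refs.items()
            for ref in refs if ref not in defined
        ),
        "commented_only": sorted(c for c in commented if c in referenced and c not in defined),
    }


if __name__ == "__main__":
    for finding, items in audit(ROLE_FILES).items():
        print(finding)
        for item in items:
            print("  ", item)
```

The `dead_defaults` check treats a reference from another default's value as a use, so `beats_tls_key` is not reported as dead even though only its template consumer names it; `computed_from_undeclared` is where the `beats_ca_dir` dependency surfaces, because a variable that exists only through `set_fact` is not in `defined`. Keys that appear only as comments are kept out of `missing_defaults` and reported separately, since the fix for them (declare or document) differs from the fix for a genuinely undeclared variable.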