Allow custom realms to use additional supporting objects

[tvernum]

Currently a SecurityExtension that provides a custom realm must fit into the following limitations:

• Have a no-args constructor
• Provide one or more Realm.Factory instances, using only a ResourceWatcherService
• In that factory, construct a realm from a RealmConfig object only

That means that the only supporting objects that a realm can easily depend on are:

• ResourceWatcherService
• RealmConfig

If it wants anything else, it needs to get acces via the Plugin API.
Things that custom-realm-authors have said that they would like to have access to include:

• An Elasticsearch Client (which they can get from Plugin.createComponents, but then need to save somewhere so the realm can access it)
• The NativeRoleMappingStore (as a UserRoleMapper, which can be retrieved from Guice, but that's something we're actively working to remove).

[elasticmachine]

Pinging @elastic/es-security (:Security/Authentication)

[tvernum]

We agreed that this is something we want to do. We will need to investigate a little further to determine exactly which objects should be made available.