extend elasticsearch configuration to support custom CA certificates

We are going to use a CERN IT elasticsearch instance which has a certificate that is not standard, so we need to pass the path to the CA certificate when instantiating the client.

The configuration should look like:

elasticsearch:
  uri: "http://...@elasticsearch..."
  ca_certs: "/path/to/file.pem"

where ca_certs is optional.

The value of ca_certs will have to be passed to the Elasticsearch constructor.

Another option would be to change the configuration to be

elasticsearch:
  hosts: ["http://...@elasticsearch..."]
  verify_certs: true
  ca_certs: "/path/to/file.pem"

so that we can write in Python

Elasticsearch(**config["elasticsearch"])

but this binds ourselves too tightly to a specific implementation... although it's very unlikely we use another one, so probably we should do the change now.