Don't implicitly enable security when TLS is enabled

[tvernum]

Because TLS is currently considered part of the security feature, we currently assume that if you enable TLS (e.g. xpack.security.transport.ssl.enabled: true) then you are opting-in to security features, and security is automatically enabled, even on trial license (where it is otherwise off by default).

We want to break the link between TLS and other security features (authc/authz), so we should stop doing this in 7.0

We should also deprecate this behaviour for 6.7

[elasticmachine]

Pinging @elastic/es-security

[tvernum]

Resolved by #38075 and #38295