Description
Problem
When using vault-managed passwords for built-in users, the kibana_system password needs to be synced manually into the initial_passwords file via a pre_task workaround:
```yaml
pre_tasks:
  - name: Sync kibana_system password in initial_passwords
    ansible.builtin.lineinfile:
      path: "{{ elasticstack_initial_passwords }}"
      regexp: "^PASSWORD kibana_system = "
      line: "PASSWORD kibana_system = {{ vault_kibana_system_pw }}"
    delegate_to: "{{ groups['elasticsearch'][0] }}"
    run_once: true
```

This is needed because the role reads the kibana_system password from initial_passwords (via fetch_password.yml) to configure Kibana's ES connection. After the first deploy, the auto-generated password in that file no longer matches the vault-managed password set via the API.
Proposed Solution
Add a kibana_system_password variable (similar to elasticsearch_elastic_password added in #91) that:
- Changes the kibana_system password via the _security/user/kibana_system/_password API after initial setup
- Uses this password for Kibana's elasticsearch.password configuration
- Falls back to the auto-generated password from initial_passwords when not set
This would eliminate the need for manual initial_passwords file manipulation in consumer playbooks.
Current Workaround
Syncing the vault password into initial_passwords before the role runs, so fetch_password.yml returns the correct value.
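
The three behaviours in the proposed solution could be expressed as the following tasks. This is an added example, not code from this repository: `es_api_url` and `kibana_es_password` are hypothetical names, and authenticating as `elastic` with `elasticsearch_elastic_password` is an assumption.

```yaml
# Added example. es_api_url and kibana_es_password are hypothetical names.
# no_log keeps the passwords out of task output and callback logs.
- name: Set kibana_system password through the security API
  ansible.builtin.uri:
    url: "{{ es_api_url }}/_security/user/kibana_system/_password"
    method: POST
    user: elastic                       # assumption: authenticate as elastic
    password: "{{ elasticsearch_elastic_password }}"
    force_basic_auth: true
    validate_certs: true
    body_format: json
    body:
      password: "{{ kibana_system_password }}"
    status_code: 200
  delegate_to: "{{ groups['elasticsearch'][0] }}"
  run_once: true
  no_log: true
  when: kibana_system_password is defined

- name: Use the managed password for Kibana's elasticsearch.password
  ansible.builtin.set_fact:
    kibana_es_password: "{{ kibana_system_password }}"
  no_log: true
  when: kibana_system_password is defined

# Fallback path: variable not set, keep using the auto-generated value.
- name: Read initial_passwords from the first Elasticsearch node
  ansible.builtin.slurp:
    src: "{{ elasticstack_initial_passwords }}"
  register: initial_pw_file
  delegate_to: "{{ groups['elasticsearch'][0] }}"
  run_once: true
  no_log: true
  when: kibana_system_password is not defined

- name: Fall back to the auto-generated kibana_system password
  ansible.builtin.set_fact:
    kibana_es_password: >-
      {{ initial_pw_file.content | b64decode
         | regex_findall('^PASSWORD kibana_system = (.+)$', multiline=True)
         | first }}
  no_log: true
  when: kibana_system_password is not defined
```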