Remove vestiges of script engine sandboxing

This removes all the mentions of the sandbox from the script engine
services and permissions model. This means that the following settings
are no longer supported:

```yaml
script.inline: sandbox
script.stored: sandbox
```

Instead, only a `true` or `false` value can be specified.

Since this would otherwise break the default-allow parameter for
languages like expressions, painless, and mustache, all script engines
have been updated to have individual settings, for instance:

```yaml
script.engine.groovy.inline: true
```

Would enable all inline scripts for groovy. (they can still be
overridden on a per-operation basis).

Expressions, Painless, and Mustache all default to `true` for inline,
file, and stored scripts to preserve the old scripting behavior.

Resolves #17114

docs/reference/modules/scripting/groovy.asciidoc

@@ -1,9 +1,9 @@
 [[modules-scripting-groovy]]
 === Groovy Scripting Language
 
-Groovy is the default scripting language available in Elasticsearch.  Although
-limited by the <<java-security-manager,Java Security Manager>>, it is not a
-sandboxed language and only `file` scripts may be used by default.
+Groovy is the default scripting language available in Elasticsearch. Although
+limited by the <<java-security-manager,Java Security Manager>>, only `file`
+scripts may be used by default.
 
 Enabling `inline` or `stored` Groovy scripting is a security risk and should
 only be considered if your Elasticsearch cluster is protected from the outside

docs/reference/modules/scripting/security.asciidoc

@@ -53,22 +53,20 @@ Each of these settings takes one of these values:
 [horizontal]
 `false`::   Scripting is enabled.
 `true`::    Scripting is disabled.
-`sandbox`:: Scripting is enabled only for sandboxed languages.
 
 The default values are the following:
 
 [source,yaml]
 -----------------------------------
-script.inline: sandbox
-script.stored: sandbox
+script.inline: false
+script.stored: false
 script.file:   true
 -----------------------------------
 
 NOTE: Global scripting settings affect the `mustache` scripting language.
-<<search-template,Search templates>> internally use the `mustache` language,
-and will still be enabled by default as the `mustache` engine is sandboxed,
-but they will be enabled/disabled according to fine-grained settings
-specified in `elasticsearch.yml`.
+<<search-template,Search templates>> internally use the `mustache` language, and
+will be disabled by default, but they can be enabled/disabled according to
+fine-grained settings specified in `elasticsearch.yml`.
 
 [[security-script-context]]
 [float]
@@ -88,9 +86,9 @@ of using the generic `plugin` category. Those operations can be referred to
 in the following form: `${pluginName}_${operation}`.
 
 The following example disables scripting for `update` and `plugin` operations,
-regardless of the script source or language. Scripts can still be executed
-from sandboxed languages as part of `aggregations`, `search` and plugins
-execution though, as the above defaults still get applied.
+regardless of the script source or language. Scripts can be executed from
+languages as part of `aggregations`, `search` and plugins execution though,
+assuming they are enabled in the scripting settings.
 
 [source,yaml]
 -----------------------------------
@@ -114,6 +112,13 @@ Fine-grained settings have the form:
 script.engine.{lang}.{source}.{context}: true|false
 ------------------------
 
+And
+
+[source,yaml]
+------------------------
+script.engine.{lang}.{inline|file|stored}: true|false
+------------------------
+
 For example:
 
 [source,yaml]
@@ -122,14 +127,16 @@ script.inline: false <1>
 script.stored: false <1>
 script.file:   false <1>
 
-script.engine.groovy.stored.search:   true <2>
-script.engine.groovy.stored.aggs:     true <2>
+script.engine.groovy.inline:          true <2>
+script.engine.groovy.stored.search:   true <3>
+script.engine.groovy.stored.aggs:     true <3>
 
-script.engine.mustache.stored.search: true <3>
+script.engine.mustache.stored.search: true <4>
 -----------------------------------
 <1> Disable all scripting from any source.
-<2> Allow stored Groovy scripts to be used for search and aggregations.
-<3> Allow stored Mustache templates to be used for search.
+<2> Allow inline Groovy scripts for all operations
+<3> Allow stored Groovy scripts to be used for search and aggregations.
+<4> Allow stored Mustache templates to be used for search.
 
 [[java-security-manager]]
 [float]

docs/reference/modules/scripting/using.asciidoc

@@ -110,12 +110,15 @@ second version is only compiled once.
 [[modules-scripting-file-scripts]]
 === File-based Scripts
 
-To increase security, non-sandboxed languages can only be specified in script
-files stored on every node in the cluster.  File scripts must be saved in the
-`scripts` directory whose default location depends on whether you use  the
-<<zip-targz-layout,`zip`/`tar.gz`>> (`$ES_HOME/config/scripts/`),
-<<rpm-layout,RPM>>, or <<deb-layout,Debian>> package.  The default may be
-changed with the `path.script` setting.
+To increase security, scripts for languages that are not deemed to be safe by
+default can only be specified in files stored on every node in the cluster. File
+scripts must be saved in the `scripts` directory whose default location depends
+on whether you use the <<zip-targz-layout,`zip`/`tar.gz`>>
+(`$ES_HOME/config/scripts/`), <<rpm-layout,RPM>>, or <<deb-layout,Debian>>
+package. The default may be changed with the `path.script` setting.
+
+The languages which are assumed to be safe by default are: painless,
+expressions, and mustache (used for query templates).
 
 Any files placed in the `scripts` directory will be compiled automatically
 when the node starts up and then <<reload-scripts,every 60 seconds thereafter>>.