make tls config in elastic more clearer

[smallc2009]

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #1452

Does this PR introduced a user-facing change?

- **Consolidate TLS configuration**: Move TLS enable flag into the `tls` object itself
- **Add nil pointer protection**: Prevent template errors when `tls` section is not defined
- **Improve template robustness**: Use `omit` function to exclude control fields from final config

Additional documentation, usage docs, etc.:

Before

fluentbit:
  output:
    es:
      enableTLS: true  # Separate enable flag
      tls:
        verify: On
        debug: 1

After

fluentbit:
  output:
    es:
      tls:
        enable: true  # Integrated enable flag
        verify: On
        debug: 1

Reflect to fluent-bit.config

[Output]
    Name    es
    Match_Regex    (?:kube|service)\.(.*)
    Host    <Elasticsearch url like elasticsearch-logging-data.kubesphere-logging-system.svc>
    Port    9200
    Buffer_Size    20MB
    Logstash_Format    true
    Logstash_Prefix    ks-logstash-log
    Time_Key    @timestamp
    Generate_ID    true
    Write_Operation    create
    Replace_Dots    false
    Trace_Error    true
    Suppress_Type_Name    Off
    tls    On
    tls.verify    true
    tls.debug    1