Add a config option to block the Oozie server port

Oozie workflows may sometimes contain sensitive information in the form of arguments or configuration parameters to jobs.

Quoting the docs, Oozie does not screen jobs by user. All users can read all jobs:

"Oozie has a basic authorization model:

    Users have read access to all jobs
    Users have write access to their own jobs
    Users have write access to jobs based on an Access Control List (list of users and groups)
    Users have read access to admin operations
    Admin users have write access to all jobs
    Admin users have write access to admin operations

If security is disabled all users are admin users."
http://oozie.apache.org/docs/4.0.1/AG_Install.html#Oozie_User_Authentication_Configuration

Oozie can support kerberos authentication, or custom authentication, but even so users' jobs will be readable by all users.

This is a proposal to protect against exposure of sensitive config/arg values by blocking access to the Oozie server via iptables. Essentially, all access to the Oozie server via the web UI or the client would be limited to acccess from the localhost where the Oozie server is running, or the Sahara host. This would prevent anyone else from accessing the workflows through the Oozie interfaces.

The option to block the Oozie server port(s) would be off by default. Turing it on would cause the addition of iptable entries on the Oozie server host during cluster creation.

Pros for this solution:
* simple
* lightweight
* quick to implement
* doesn't handcuff Sahara to a solution in the future
* easily adjusted by admins. In fact, a documentation-only fix is possible (just make admins aware of the issue and let them set up the firewall)

(spec in progress)