Checks if Amazon OpenSearch Service domains have encryption at rest configuration enabled. The rule is NON_COMPLIANT if the `EncryptionAtRestOptions` field is not enabled.