Would you be able to show your plugin-security.policy for x-pack-watcher ?
Most likely it would be in "/usr/share/elasticsearch/modules/x-pack-watcher"
Could you also point to a place where you got your JDK from?
Please add following line -Djava.security.debug=access,failure
to your elasticsearch jvm.options /etc/elasticsearch/jvm.options
And then provide us with logs from sudo journalctl -u elasticsearch
Possibly the problem described by a user here might be similar to yours:
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.