The easiest way to get complete access over the cluster, including the internal searchguard configuration index is to use the admin certificate. This is the one that you use when executing sgadmin. You can for example use curl with the admin certificate like:
curl -k \
--cert "/path/to/admin-cert.pem" \
--key "/path/to/admin-key.pem" \
-XPUT "https://sgssl-0.example.com:9200/_all/_settings" \
-H 'Content-Type: application/json' \
-d '{ "index.blocks.read_only_allow_delete": null }'
(This is using curl compiled with OpenSSL. Depending on your curl version the command line switches for the certificate and the key might vary).