> run the tokenizer on the client side, client submits encrypted tokens to the search index.

That would be an incredibly insecure method of encryption.

> or don't provide a search service, have client have its own local index.

Yep, I would prefer an on-prem solution.