ipaclient_setup_nss: Create DNS SSHFP records, update to latest FreeIPA

There have been several settings in ipaclient_setup_nss that have been
hard coded instead of using the settings from the role. This has been
fixed and the code in ipaclient_setup_nss has been updated to the latest
version of FreeIPA with compatibility changes for older FreeIPA versions.
Additionally the api is now properly configured so that the DNS SSHFP
records are now properly created if no_dns_sshfp is not enabled.