ipaserver: Add support for DNS over TLS

This change adds support for DNS over TLS to the ipaserver role.

New variables

ipaserver_dot_forwarders
    List of DNS over TLS forwarders. Required if ipaserver_dns_over_tls
    is enabled. (list of strings)
    required: false
ipaserver_dns_over_tls | ipaclient_dns_over_tls
    Configure DNS over TLS. Requires FreeIPA version 4.12.5 or later.
    (bool, default: false)
    required: false
ipaserver_dns_over_tls_cert
    Certificate to use for DNS over TLS. If empty, a new certificate will
    be requested from IPA CA. (string)
    required: false
ipaserver_dns_over_tls_key
    Key for certificate specified in ipaserver_dns_over_tls_cert. (string)
    required: false
ipaserver_dns_policy
    Encrypted DNS policy. Only usable if `ipaserver_dns_over_tls` is
    enabled. (choice: relaxed, enforced, default: relaxed)
    required: false

New distribution specific variable

ipaserver_packages_dot
    List of IPA packages needed for DNS over TLS.