New idrange management module

ipaautomountmap: Fix parameter evaluation.

There is a new idrange management module placed in the plugins folder:

    plugins/modules/ipaidrange.py

The idrange module allows to ensure presence and absence of idranges.

Here is the documentation of the module:

    README-idrange.md

New example playbooks have been added:

    playbooks/idrange/idrange-absent.yml
    playbooks/idrange/idrange-ad-posix-present.yml
    playbooks/idrange/idrange-ad-present.yml
    playbooks/idrange/idrange-present.yml

New tests for the module can be found at:

    tests/idrange/test_idrange.yml
    tests/idrange/test_idrange_client_context.yml

This patch fixes the error messages when an invalid number of 'mapname'
are provided for states 'present' or 'absent'.

The usage of 'automountmapname' is required in all automount map IPA
API calls, and this change ensures that the value is always set as
an argument.

ipatrust: fix range_type and test enhancement.

module_utils: Fix comparison of elements not in IPA object.

ipatrust: Set valid choices for trust_type.

The ipatrust module was ignoring the value of `range_type`, which is
required to allow for different types of idranges.

This patch applies several changes to the ipatrust test playbook:

* Add externally defined parameters so execution in local trust
  environments can be configured. The available parameters are:
    * winserver_admin_password: the Administrator password for the AD
      server (default: 'SomeW1Npassword')
    * winserver_domain: the AD server domain (default: 'windows.local')
    * winserver realm: the AD server realm (by default, the uppercase
      version of winserver_domain)
    * ipaserver_domain: the FreeIPA server domain (default: 'ipa.test')
    * ipaserver_realm: the FreeIPA server realm (by default, the
      uppercase version of ipaserver_domain

* Modify trust verification to check for the existence of the trust as
  it the output of `ipa trust-find`, instead of cheking for the number
  of items returned, as the number might vary.

* Add idempotency tests by re-executing tasks and verifying that no
  change was performed.

* Added tests to verify creation of trusts with different 'range_type'.

* Use a Kerberos cache for shell scripts, and destroy it on exit.

* Properly remove all `idrange` that might be created upon setting up a
  trust.

As the task is expected to fail, the AD realm name was modified to show
the expected behavior more clearly.

DNS forward policy: ensure consistency between module parameters.

This patch updates the ipatrust documentation about the 'trust_type'
parameter, and changes one password to be similar to the standard
passwords used in other modules.

Ensure only valid choices for trust_type ('ad')  are available for the
module parameter.

This change allows clearing automountmap 'description' attribute by
passing an empty string ("") as the playbook parameter.

New test cases were added to check this behavior.

Due to a change in 'ansible_freeipa_module.compare_args_ipa', playbook
parameters using empty strings are correctly evaluated, and do not need
to be removed before comparison is performed.

A new test playbook, with tests for clearing attributes with an empty
string ("") is available at:

    tests/user/test_user_empty_lists.yml

This change modifies the comparison of the retrieved IPA object and the
provided arguments on ansible_freeipa_module.compare_args_ipa when the
provider argument is an empty string.

If an attribute is not available in 'ipa', its value is considered to be
a list with an empty string (['']), possibly forcing the conversion of
the 'args' attribute to a list for comparison. This allows, for example,
the usage of empty strings which should compare as equals to inexistent
attributes (None), as is done in IPA API.

utils/new_module templates: Add missing password to example playbooks.

Update module templates to current practices.

ansible-lint: Identify env_*.yml and tasks_*.yml as task files.

Failing to identify task files included by playbooks raised false
positives when runnnig ansible lint. This change force ansible-lint to
correctly identify YAML files named "env_*.yml" or "tasks_*.yml" as task
files that are imported by other playbooks, and treat them accordingly.

Modules ipadnsconfig and ipadnsforwardzone allow the setting of forward
policy for zone forwarders, but the parameter names differ between the
modules.

This patch ensures that the same parameter names can be used in each
module. To keep backwar compatibility in both modules, both
`forward_policy` and `forwardpolicy` are now supported.

Add missing ipaadmin_password to example playbooks so new modules have
all necessary fields set on basic files.

Update README-group.md

Fixed issue #790 changed line 103 to be more accurate.

Ensure example playbooks have ipaadmin_password and it is the standard one.

Update pylint to version 2.12.2

Some example playbooks do not had the parameter `ipaadmin_password`
set, and some had a different value than the standard value
"SomeADMINpassword".

This patch fixes this difference in all example playbooks.

Update pylint version to the latest supported by Fedora 36.

Newer versions of pylint warns about not using f-strings, but those are
not supported in Python 2, which ansible-freeipa still need to support.

module_params_get*: Fail on empty string in string list parameters

automember: Remove debug output

The warn debug line was added with "Add automember default group
handling" d2648b14

The parameters user_auth_type, pac_type and configstring are allowing to
use "" to reset to the default value or for configstring to set an empty
list.

The new check in params_get is not allowing to use empty strings in lists,
therefore allow_empty_string=True had to be added to the call.

A test has been added to verify that the empty strings are supported and
working.

Additionally empty pac_type, user_auth_type and domain_resolution_order
have been added to exit_args as if they have not been set.

The parameter auth_ind is allowing to use "" to reset to the default
value.

The new check in params_get is not allowing to use empty strings in lists,
therefore allow_empty_string=True had to be added to the call.

A test has been added to verify that the empty strings are supported and
working.

The parameters auth_ind and pac_type are allowing to use "" to reset to
the default value.

The new check in params_get is not allowing to use empty strings in lists,
therefore allow_empty_string=True had to be added to the call.

A test has been added to verify that the empty strings are supported and
working. An idempotency issue with pac_type has been found with the test
and fixed additionally.

The parameters userauthtype and sshpubkey allowing to use "" to reset to
the default value.

The new check in params_get is not allowing to use empty strings in lists,
therefore allow_empty_string=True had to be added to the call.

A test has been added to verify that the empty strings are supported and
working. An idempotency issue with sshpubkey has been found with the test
and fixed additionally.

So far it is possible to pass list parameters with empty strings to the
modules. The use of empty strings in list does not make a lot of sense,
though. The simple solution is to add a check to module_params_get for
empty strings in returned lists.

The option allow_empty_string can be set to True to allow an empty string
in the list with a list len of 1. The option defaults to False. It is
needed for some parameters the modules, like for example userauthtype in
the user module. It is using "" to reset to the default value.

module_params_get_lowercase has been changed to use module_params_get to
have one place to add the check.

Due to an issue in Ansible it is possible to use the empty string "" for
lists with choices, even if the empty list is not part of the choices.
Ansible issue https://github.com/ansible/ansible/issues/77108