Use of the same password on all module tests ease test automation,
and this change ensure that dnsforwardzone use the same password as
other modules.

ipahostgroup: Add support for group membership management

ipagroup: Add support for group membership management

A group membership manager is a user or a group that can add members to
a group or remove members from a group.

This is related to https://pagure.io/freeipa/issue/8114

New parameters have been added to the module:
- `membermanager_user`: List of member manager users assigned to this
  group. Only usable with IPA versions 4.8.4 and up.
- `membermanager_group`: List of member manager groups assigned to this
  group. Only usable with IPA versions 4.8.4 and up.

These parameters behave like member parameters.

A new test has been added:
- tests/group/test_group_membermanager.yml

A group membership manager is a user or a group that can add members to
a group or remove members from a hostgroup.

This is related to https://pagure.io/freeipa/issue/8114

New parameters have been added to the module:
- `membermanager_user`: List of member manager users assigned to this
  group. Only usable with IPA versions 4.8.4 and up.
- `membermanager_group`: List of member manager groups assigned to this
  group. Only usable with IPA versions 4.8.4 and up.

These parameters behave like member parameters.

A new test has been added:
- tests/hostgroup/test_hostgroup_membermanager.yml

Fix service module

This patch adds variable `smb`, that can be used when adding a new
service, and creates a SMB service (cifs) with an optional
`netbiosname`.

This patch changes auth_ind variable to receive a list of values
instead of a single one, so that more than one value can be set
at once.

Tests have been updated to reflect the change.

When using a variable that is invalid for a given action, the `action`
was not being displayed in the error message, leading to a poor user
experience.

This patch explicitly set `no_log` option for `update_password` attribute
to `False`, so that the warning on `no_log` not being set is not issued
anymore. Ansible incorrectly issued the warning, as `update_password` does
not carry sensitive information.

Fixes no_log warning for `update_password`.

Fixes password behavior on Vault module.

This patch fixes handling of password and public_key files, parameter
validation depending on vault type, usage of `salt` attribute and data
retrieval.

Tests were updated to reflect the changes.

New example playbooks are added:

    playbooks/vault/vault-is-present-with-password-file.yml
    playbooks/vault/vault-is-present-with-public-key-file.yml
    playbooks/vault/retrive-data-asymmetric-vault.yml
    playbooks/vault/retrive-data-symmetric-vault.yml

Fixes host absent when DNS zone is not found.

Add missing attribute `services` to vault module.

Wrong variable names in the documentation

Since ipahost uses dnsrecord-show, it raises an error when DNS zone is
not found, but it should not be an ipahost concern.

This patch fixes this behavior by returning no record if DNS zone is
not found, so processing resumes as if there is no record for the host.
It fixes behavior when `state: absent` and dnszone does not exist, so,
host should not exist either, and the ipahost answer is correct and
indifferent to DNS Zone state.

This patch explicitly set `no_log` option for `update_password` attribute
to `False`, so that the warning on `no_log` not being set is not issued
anymore. Ansible incorrectly issued the warning, as `update_password` does
not carry sensitive information.

The `services` member and ownership atttributes were missing from
vault module. This change adds them.

Handling of owner and ownergroups needed to be changed to fix `services`
and, due to this, have also been fixed.

Fixes behavior of ipavault when no user, service or shared is given.

Added pytests as test entrypoint

Added useful notes and the missing variable ipaserver_no_pkinit.

Corrected variable names and description

IPA CLI allows the creation of vaults without specifying user, service or a
shared vault, defaulting to create a user vault for the `admin` user. The
vault module, required that one of user, service or shared was explicitly
provided, and this patch makes the module behave like the CLI command.

Tests were added to reflect this change.

ipauser: Fix certmapdata, add missing certmapdata data option

certmapdata was not processed properly. The certificate was not loaded and
therefore the `issuer` and `subject` could not be compared to the
certmapdata entries in the user record. The function `load_cert_from_str`
from ansible_freeipa_moduleis used for this.

Additionally there was no way to use the certmapdata data format. This
is now possible with the `data` option in the certmapdata dict.

Example: "data: X509:<I>dc=com,dc=example,CN=ca<S>dc=com,dc=example,CN=test"

`data` may not be used together with `certificate`, `issuer` and `subject`
in the same record.

Given certmapdata for the ipauser module is now converted to the internal
data representation using also the new function `DN_x500_text` from
`ansible_freeipa_module`.

New functions `convert_certmapdata` and `check_certmapdata` have been added
to ipauser.

tests/user/certmapdata/test_user_certmapdata.yml has been extended with
additional tasks to verify more complex issuer and subjects and also using
the data format.

This function can be used to check if a command is available in the API.

This is used in ipauser module to check if user_add_certmapdata is available
in the API.

This function is needed to properly convert issuer and subject from a
certificate or the issuer and subject parameters in ipauser for certmapdata
to the data representation where the items in DN are reversed.

The function additionally provides a fallback solution for IPA < 4.5.
Certmapdata is not supported for IPA < 4.5, but the conversion is done
before the API version can be checked.

For certmapdata processing in ipauser it is needed to be able to load a cert
from a string given in the task to be able to get the issuer and subject of
the certificate. The format of the certifiacte here is lacking the markers
for the begin and end of the certificate. Therefore load_pem_x509_certificate
can not be used directly. Also in IPA < 4.5 it is needed to load the
certificate with load_certificate instead of load_pem_x509_certificate. The
function is implementing this properly.

Fixes removal of `all` from categories in sudorule and hbacrule modules.

ipauser: Use encode_certificate for certificates in  find_user result

ipagroup: Add lacking service check for group_remove_member with old IPA

tests/host/test_hosts_principal.yml: Remove dudplicate hosts tag

ipahost: Use dnsrecord_show instead of dnsrecord_find command