infra/image: Use SYS_ADMIN capability for server deployment

This adds the capabilities SYS_ADMIN and SYSLOG to the container_create
call in build.sh as long as server deployment has been enabled.

The privileged option has been removed as it is no longer needed.

The hostnamectl-wrapper for the container has been removed as it is no
longer needed.

infra/image/dockerfile/c10s: Fix client part deployment for the server

infra/image/shcontainer: New container_copy and container_fetch

Change minimum Ansible version to 2.14

RHEL-9 is still using ansible-core 2.14.

The client part deployment fails in the configuration of NIS. The command
/usr/bin/nisdomainname is failing in a container in this task as the
container is not privileged.

The hostnamectl-wrapper is copied from the freeipa-container container
project to replace /usr/bin/nisdomainname in the container.

container_copy can be used to copy a file to the container,
container_fetch can be used to copy a file from the container.

For more information, please have a look at the podman-cp man page.

ipasudorule: Add support for batch mode and multiple sudorules

Unless there's a real need to use privileged access or to gather Ansible
facts upfront, we should always set "become: false" and
"gather_facts: false". In the case that only a few Ansible facts are
required, 'ansible.builtin.setup' with 'gather_subset' should be used.

As the YAML 1.2 standard dictates, boolean values should only use 'true'
or 'false' values.

This patch fixes these issues in the 'sudorule' test suite.

Currently, ipasudorule must add or modify a single sudorule at a time,
incurring in more load in the server if there are many rules to be
processed.

This patch adds suport for adding multiple sudorules in one playbook
task by using the parameter 'sudorules' and defining a list of sudorules
configurations to be ensured.

As multiple sudorules will be processed, the patch also enables batch
mode processing of sudorules, trying to reduce the load on the server.

Test 'tests/sudorule/test_sudorule_client_context.yml' was modified to
include tasks with 'sudorules' to be executed both on the server or on
the client context.

New tests were added to the sudorule test suite:

    tests/sudorule/test_sudorules.yml
    tests/sudorule/test_sudorules_member_case_insensitive.yml

This patch adds the class EntryFactory to the ansible-freeipa module
utils. This class allows the handling of modules with multiple object
entries as list of objects. When the multi-object parameter is not used,
it creates a list of a single object, allowing for the same code idiom
to be used.

The entries created can be used both as objects, by acessing the values
as properties, or as dictionaires, by accessing the elements as
key-value pairs.

upstream CI: Use Azure 'loops' to create stages

This patch modify the pipelines to create stages using the 'each'
expression on Azure pipelines, so that the configuration and the list of
distributions can be set using variables.

Testing CentOS 8 Stream and Galaxy collections still need to be handled
in a separate group, although, the pipeline configuration becomes easily
changed, specially when updating Ansible versions.

infra/image/build.sh: Use consistent options for hostname

This patch makes the CLI argument for setting the image hostname
consistent with 'start.sh', settling on '-n HOSTNAME' for both scripts.

upstream CI: Move scripts that evaluate repo changes to infra/azure

linters: Remove pydocstyle from linter checks

Pydocstyle has been deprecated is no longer in development. It is also
not a requirement for Ansible tests.

This patch removes pydocstyle from current checks performed.

tests/user/test_users_present_*: Use new generate_test_data.yml

fixipaip infra image service: No need for hard coded admin password

test_services_absent is also part of test_services_present, not needed

Update images to Fedora 41

Deploying FreeIPA in the testing containers requires privileged access.

Fedora has released version 41, which was the previous 'rawhide'
version, and now the 'fedora-latest' requires dnf5 related packages.

All scripts related to the Azure CI now reside on inrfa/azure, but the
scripts that evaluate the changes made against ansible-freeipa's main
development branch.

This patch move these scripts to the proper locations.

Fix upstream CI and remove molecule

ansible-core versions 2.15 and 2.16 and used for all pipelines, but
version 2.17 is not used for CentOS 8 Stream, as platform python on
this version is 3.6 which is not supported in this ansible-core version.

Several optimizations have been done to the pipelines, to make them
closer to what can be reproduced, with the existing scripts, in a
development environment:

- Use start.sh and build.sh scripts to build and start containers
- Use variables to configure different stages instead of using separate
  files
- Use a commom 'prepare_environment' to create the environment for every
  pipeline
- Use a single file defining testing steps (run_tests.yml)
- Remove Centos 7 pipelines
- Reduce the number of pipelines in the test matrix due to the amount of
  time that tests were using
- Use Azure "loop" (each) to create test groups

The above changes make the pipelines easier to understand and modify.

Move Azure scripts to infra directory, as only roles and modules test
playbooks should exist in the tests directory.

For some time now, we had some issues with molecule when building test
images for ansible-freeipa, and replaced the image creation with custom
build scripts that use commom container tools (like Dockerfiles and the
build command).

As there's no more tasks that require the use of molecule, this patch
removes the last bits used by it, and fixes documentation and lint
scripts and configuration.

When using containers to test ansible-freeipa there's a need to deal
with 'podman' the development environment and the Azure environment. In
the Azure environment, with Ubuntu hosts, using 'cap-add' does not allow
FreeIPA to be installed on the containers, and they need to be executed
with privileged mode. On the other hand, on development environments,
such as recent Fedora hosts, there's no need to run the container with
extra privileges.

This patch modifies the utility function 'container_create' to allow the
usage of key-value argumes such as "cpus=4" and "privileged", that will
be used in the container creation.

The currently available options are "privileged", "cpus", "memory" and
"hostname". By default "cpus=2" and "hostname=ipaserver.test.local".

Also, too make the image build script more self-contained, if the
required Ansible collections are not installed, they will be temporarily
installed so that the image can be built.

To force setting the IPA_ENABLE_* variables to run all tests, source the
script using '-I' or set the environment variable SKIP_GIT_TESTS to
'True'.

This will allow the correct selection of Azure pipelines tests to be
based on a single environment variable, what will reduce the number of
test running templates to a singe file.

ipacert: Fix ipacert tests

It seems that in recent versions, a minimum of 2048 bits for RSA keys
are required to request a certificate. This seems to be enforced by
crypto policies.

By adjusting the key size all ipacert tests pass.

fix minor typo in hbacrule and hbacsvcgroup docs