ipauser: Fix idempotence issue when using 'preserved'.

When ensuring states 'undeleted', 'enabled', 'disabled', and 'unlocked'
the error messages for an unexistent user were not consistent.

This change changes the message for all states to "No user '%s'."

When trying to ensure 'state: absent' with 'preserved: yes' in ipauser,
after the first execution the playbook would fail with "user is already
present". Similar idempotence issue would happen when 'state: undelete'
was used.

This PR fixes both issues, and improve tests for the states where user
is preserved, enabled and disabled. The 'find_user' function now uses
IPA API 'user_show' instead of 'user_find' so that only the requested
user is actually returned.

dnsconfig: Add 'action: member' to dnsconfig example playbooks.

As of verison 1.6.1 of ansible-freeipa, ipadnsconfig supports
'action: member' to manage DNS forwardes, and requires the use of this
action if 'state: present'.

This patch fixes the playbook examples.

group: Services are ipapython.kerberos.Principal and case insensitive

sudorule: Fix management of deny_sudocmdgroup.

The services returned by group_find are of type
ipapython.kerberos.Principal. Addtionally the services are case
insensitive. Therefore services need to be converted to a lowercase
sting for proper comparison.

test_group.yml has been extended with service tests.

Upstream tests were not testing one path of code related to variable
`deny_sudocmdgroup`, and a regression was added.

This patch fixes a call to the current configuration dictionary, and
add tests so that the code path is executed in the upstream tests.

automountmap: Add client context test playbook.

The client context test playbook was missing for ipaautomountmap.

User tests: Extend expiration dates for client on server test

The client context on server test is failing with a date that is
expired. The server context on server test is not failing.

Setting an expired date with the command line is possible though.

dnsconfig: add support for 'action: member'.

This patch adds support for 'action: member' for ipadnsconfig plugin,
impacting management of DNS forwarders setting.

Use of 'state: absent' now requires 'action: member'. With 'state:
present', orwarders can be either defined through 'action: dnsconfig'
or added using 'action: member'.

Tests have been updated to reflec the new behavior.

sudorule: fix idempotence issues and refactor.

This change refactors member management for ipasudorule module and
fixes idempotence issues related to case insensitive comparison.

dnsconfig: Fix management of forwarders.

ipahostgroup: Ensure host members are lowercase and FQDN

If one tries to set a list of forwarders which include an already
existing forwarder, the existing forwarder is removed, and the list
of configured forwarders contain only the new ones.

This patch fixes this behavior by setting a union of the currently
available forwarders and the list of forwarders provided in the
playbook.

Tests were added to ensure this behavior.

The host members of ipahostgroup need to be lowercase and FQDN to be
able to do a proper comparison with exising hosts in the hostgroup.

Fixes: #666 (ipahostgroup not idempotent and with error)

README test: Also check role readme files

The test is now also checking that role README files are mentioned in
the main README.

ipaclient_get_keytab: Do not use gssapi for kinit_keytab

Due to a change in Ansible to depend on Python 3.8 it is needed to only
use bindings that are provided by Python and Ansible core. gssapi is
therefore not usable any more.

The kinit_keytab function was using gssapi and now has to use the kinit
command insead.

README.md: Add automount key and map, fix ref to hbacsvcgroup and test

The main REAADME has been fixed to contain information about the
automount key and map modules, the reference to the hbacsvcgroup README
has been fixed and a new test has been added as a github workflow.

hbacrule: Fix member management idempotence issues.

iparole: Fix idempotence issues

ansible-test: Fix new findings

ERROR: Found 6 pylint issue(s) which need to be resolved:
ERROR: plugins/modules/ipaserver_prepare.py:395:4: invalid-name: Variable name "e" doesn't conform to snake_case naming style
ERROR: roles/ipaserver/library/ipaserver_prepare.py:395:4: invalid-name: Variable name "e" doesn't conform to snake_case naming style
ERROR: roles/ipaserver/module_utils/ansible_ipa_server.py:333:12: invalid-name: Variable name "ds" doesn't conform to snake_case naming style
ERROR: roles/ipaserver/module_utils/ansible_ipa_server.py:348:12: invalid-name: Variable name "ds" doesn't conform to snake_case naming style
ERROR: roles/ipaserver/module_utils/ansible_ipa_server.py:361:12: invalid-name: Variable name "ip" doesn't conform to snake_case naming style
ERROR: roles/ipaserver/module_utils/ansible_ipa_server.py:364:12: invalid-name: Variable name "e" doesn't conform to snake_case naming style

e has been replaced with err, ds with _ds, ip with _ip.

build-galaxy-release.sh: Use build dir, new options, checks, no reset

Members of hbacrule must be compared in a case insensitive manner.
This patch fixes comparation of member parameters against existing
members by converting parameters to lowercase.

Also, there were some cases where a change with an empty set of members
was issued to IPA API, leading to a result of 'changed: yes' when
'changed: no' was expected. The fix involved a refactoring of the
member management code.

Add a task to FreeIPA facts task file to ensure that the variable
'ipaserver_domain' is set.

The value is set form `ansible_facts['fqdn'], if available, or set to
`ipa.test`, otherwise.

hbacsvcgroup: Fix member management idempotence issues.

Enable pylint for ansible-freeipa roles.

pre-commit: Use system shellcheck.

pre-commit: Update ansible-lint version to v5.3.2

The official ShellCheck pre-commit hook uses a docker image, but it
is, sometimes, unavailable. This change will use the system installed
ShellCheck executable and does not depend on the image download.