Created a reusable tasks list for issung certificates (tls) at the
moment.
Added option for module cert_request to programmatically require
signing of client certificate.
Add support for OpenSSH v8 (ouput of `ssh-keygen` changed slightly) in
module `ssh_cert` and use a better implementation for multiple user CA.
Now we are reading user_ca from `group_vars/all.yaml`.
`user_ca_keys` should be list of each allowed User CA on one host (in
this way is easier to rotate CAs without reissuing keys to each user at
the same time).
The production CA must be the first one in the list. Host certificate
will be checked only against the first CA and updated if their host key
was issued from another CA in the list.
For this reason now we are using a template to create
`/etc/ssh/user_ca.pub` on the target, to preserve the key order.
`group_vars/all.yaml.example` has been updated to reflect the new usage.