New role to automate generation and issuing of certificate using a
`ca_manager` server.

Code is more sintentic and concise, and we avoid duplications.

Add role prefix to role specifig variable to avoid conflicts when
using multiples role on the same machine on the same play.

Fix an error when `ssh_server` last task, the one that checks if the
server has actually started to listen on port 22.

This error occurred while using the `ssh_server` role on a physical
host, not while running on lxc_guests.

- Coherent quotation style
    Single quotes for text variable (even if implicit), no quotes for
    variable and conditional statements, if not required.

- Some useful tags added:
  * ssh_certs
	  renewal of server SSH certificates and configuration of authorized
      CA.
  * tls_pub
	  renewal of public TLS certificates (let's encrypt) and certbot
	  configuration.
  * tls_int
	  renewal of internal TLS certificates (service authorizations) and
	  configuration of authorized internal CA.
	  *(ToDo: deployment of Certificate Revokation Lists)*
  * lxc
      deployment of new containers (deployment of configuration file
	  excluded, for instance change in ip address are always applied and
	  trigger a container restart even if you skip this tag.
  * packages
	  installation and upgrade of software packages (apt, opkg or
	  tarballs)
  * service_password
     create new random password for services-only password, for routine
	 rotation. Not meant to be skipped (some roles need to know the
	 service password, so they do a rotation).

- prepare_host
- ssh_server
- lxc_guest
- ldap
- gitlab

- x509_subject_prefix
- x509_ldap_suffix
	*Replaces:* x509_suffix in ldap.yaml
- letsencrypt_email
	Used in roles/certbot and roles/gitlab
- root_ca_cert
	*Replaces:* ssl_ca_cert and files/lilik_x1.crt

New defaults:

- ldap_domain | default: `${domain}`
- server_fqdn | default: `${hostname}.dmz.${domain}`
	*Replaces:* fqdn_domain

Removed:

- fqdn_dmain
- x509_suffix
	*Replaced by:* x509_ldap_suffix in common

New defaults:

- server_fqdn | default: `${hostname}.${domain}`
   *Replaces*: fqdn
- ldap_domain | default: `${domain}`
- ldap_server | default: `ldap1.dmz.${domain}`
- ldap_basedn | default: `dn(${ldap_domain})`
- enable_https | default: `true`

New defaults:

- server_fqdn | default: `${hostname}.${domain}`

And minor improvements/refactoring

Replace .lilik.it with {{ domain }}

Add support for OpenSSH v8 (ouput of `ssh-keygen` changed slightly) in
module `ssh_cert` and use a better implementation for multiple user CA.

Now we are reading user_ca from `group_vars/all.yaml`.
`user_ca_keys` should be list of each allowed User CA on one host (in
this way is easier to rotate CAs without reissuing keys to each user at
the same time).
The production CA must be the first one in the list. Host certificate
will be checked only against the first CA and updated if their host key
was issued from another CA in the list.

For this reason now we are using a template to create
`/etc/ssh/user_ca.pub` on the target, to preserve the key order.

`group_vars/all.yaml.example` has been updated to reflect the new usage.

The role was still referencing older `ansible_docker_extra_args`
variable.

Replaced with `ansible_ssh_lxc_name`.

this module read a file containing a public key and prepares
the sign_request for a ssl_host or ssh_host request

Resolves #13