This repository has been archived by the owner on Dec 26, 2020. It is now read-only.

Added support for TrustedUserCAKeys and AuthorizedPrincipalsFile. #157

Merged
merged 3 commits into from Apr 17, 2018

gdelafond

This PR allows the configuration of TrustedUserCAKeys and AuthorizedPrincipalsFile globally.

It will also write the trusted certificate authorities' public keys and the principals, if defined, in the files defined by ssh_trusted_user_ca_keys_file and by ssh_authorized_principals.path.

The format for the principals hash is:

  • path: the path of the file that will contain principals
  • principals: a list of principals
  • owner: the file owner (defaults to ssh_owner)
  • group: the file group (defaults to ssh_group)
  • directoryowner: the file parent directory owner (defaults to ssh_owner)
  • directorygroup: the file parent directory group (defaults to ssh_group)
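
The principals hash described in the comment above, shown as an added example that is not part of the PR or the role's own tasks: a stand-alone playbook that consumes a list of such hashes and applies the stated `ssh_owner`/`ssh_group` defaults. The paths, principal names, file modes and the choice to treat `ssh_authorized_principals` as a list are assumptions made for illustration.

```yaml
# Added illustration; not the role's own tasks. Paths, principal names and
# file modes are constructed sample values.
- name: Write principals files from a list of principals hashes
  hosts: all
  become: true
  vars:
    ssh_owner: root
    ssh_group: root
    ssh_authorized_principals:
      # Only path and principals set: owner, group, directoryowner and
      # directorygroup fall back to ssh_owner / ssh_group.
      - path: /etc/ssh/auth_principals/root
        principals:
          - root-everywhere
      # Every key of the hash set explicitly.
      - path: /etc/ssh/auth_principals/deploy
        principals:
          - deploy
          - release-engineering
        owner: root
        group: root
        directoryowner: root
        directorygroup: root
  tasks:
    - name: Create the parent directory of each principals file
      ansible.builtin.file:
        path: "{{ item.path | dirname }}"
        state: directory
        owner: "{{ item.directoryowner | default(ssh_owner) }}"
        group: "{{ item.directorygroup | default(ssh_group) }}"
        mode: "0755"
      loop: "{{ ssh_authorized_principals }}"

    - name: Write one principal per line, the layout sshd expects
      ansible.builtin.copy:
        dest: "{{ item.path }}"
        content: |
          {% for principal in item.principals %}
          {{ principal }}
          {% endfor %}
        owner: "{{ item.owner | default(ssh_owner) }}"
        group: "{{ item.group | default(ssh_group) }}"
        mode: "0644"
      loop: "{{ ssh_authorized_principals }}"
```

A certificate signed by a CA listed in the TrustedUserCAKeys file is accepted for a user only if one of the certificate's principals appears in the file that AuthorizedPrincipalsFile resolves to for that user, so these files should stay writable by root only.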

@rndmh3ro
Member

Thanks @gdelafond, this looks good!

Two things:

  • can you put the new tasks into a separate tasks-file and include it from the main.yml (with a single when-clause at the include)? I plan on separating more tasks from the main.yml to get some more structure.
  • can you please add the examples of the variables next to the variables in the defaults file (like it's done for the ssh_remote_hosts variable)?

@gdelafond
Author

@rndmh3ro I made the modifications, does it look good?

@rndmh3ro rndmh3ro merged commit 4b2ffd9 into dev-sec:master Apr 17, 2018
@rndmh3ro
Member

Looks great, thank you!

@gdelafond gdelafond deleted the add-trusted-user-ca-keys-and-authorized_principals branch April 17, 2018 07:46