
step_ca_certificate: Support file attributes #338

Open
maxhoesel opened this issue Oct 10, 2023 · 2 comments
Labels
enhancement New feature or improvement to an existing one modules Something affecting one or more module

Comments

@maxhoesel
Collaborator

The step_ca_certificate module deals with writing files to disk, so it should support the common file attributes as provided by ansible: https://github.com/ansible/ansible/blob/devel/lib/ansible/plugins/doc_fragments/files.py

This would allow direct setting of owners, selinux context etc.

@maxhoesel maxhoesel added enhancement New feature or improvement to an existing one modules Something affecting one or more module labels Oct 10, 2023
@maxhoesel maxhoesel added this to the version-1 milestone Oct 10, 2023
@maxhoesel maxhoesel removed this from the version-1 milestone Oct 26, 2023
@eengstrom
Contributor

I'm hopeful that the final etc. would include permissions.

Related - As of this moment, I'm experimenting with using ACLs to allow non-root processes access to the generated certificates.

@eengstrom
Contributor

I was thinking about this again, and recalled that when I was working on the PR (#129) to solve #127, I implemented this convention for the _certfile and _keyfile vars passed to the module, as in this example:

```yaml
vars:
  # ...
  step_cert_certfile:
    path: "{{ bacula_tls_dir }}/{{ inventory_hostname }}.crt"
    owner: "{{ bacula_master_user }}"
    group: "{{ bacula_master_group }}"
    mode: "0644"
  step_cert_keyfile:
    path: "{{ bacula_tls_dir }}/{{ inventory_hostname }}.key"
    owner: "{{ bacula_master_user }}"
    group: "{{ bacula_master_group }}"
    mode: "0600"
```

That is, passing a dictionary in place of a simple string. The module could conditionally accept either a string, assumed to be the path, or a dictionary which must provide the path key/value pair.

In full disclosure, I can't recall if I came up with that on my own, or I was following a previous convention that you had started. More importantly, it's a bit of a non-standard approach. On the other hand, it does allow the dictionaries to be specified elsewhere and passed as a single variable.

I might be able to make some time to help implement, regardless of the approach, but I'd rather not start if you don't like the approach itself, @maxhoesel .
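A sketch of the string-or-dict handling described in the comment above, as an added example that is not code from this collection or from the commenter; the attribute list, `normalize_file_arg`, `parse_mode` and `key_mode_too_open` are assumed names for illustration:

```python
import stat

# Constructed example: file attributes a module could accept in the dict form,
# mirroring the common Ansible "files" doc fragment (names assumed here).
ATTR_KEYS = ("owner", "group", "mode", "seuser", "serole", "setype", "selevel")


def parse_mode(mode):
    """Accept an int or an octal string such as "0600" / "0o600"."""
    if isinstance(mode, int):
        return mode
    return int(str(mode), 8)


def normalize_file_arg(value, default_mode):
    """Return a dict with 'path' plus file attributes.

    A bare string is treated as the path; a dict must carry a 'path' key.
    'mode' is normalised to an int so it can be handed straight to os.chmod().
    """
    if isinstance(value, str):
        spec = {"path": value}
    elif isinstance(value, dict):
        spec = dict(value)
    else:
        raise TypeError("expected str or dict, got %s" % type(value).__name__)
    if not spec.get("path"):
        raise ValueError("dictionary form requires a non-empty 'path' key")
    unknown = set(spec) - set(ATTR_KEYS) - {"path"}
    if unknown:
        raise ValueError("unsupported file attribute(s): %s" % ", ".join(sorted(unknown)))
    spec["mode"] = parse_mode(spec.get("mode", default_mode))
    spec.setdefault("owner", None)
    spec.setdefault("group", None)
    return spec


def key_mode_too_open(mode):
    """True if a private-key mode grants any group or other permission bits."""
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))
```

The key-mode check is the kind of guard a module could apply before writing the `_keyfile`, so a permissive `mode` on a private key fails loudly instead of silently widening access.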
