roles/strongswan-swanctl: Load esp4 module at boot

The *esp4* kernel module does not load automatically on Fedora.  Without
this module, strongSwan can establish IKE SAs, but not ESP SAs.  Listing
the module name in a file in `/etc/modules-load.d` configures the
*systemd-modules-load* service to load it at boot.

roles/strongswan-swanctl/files/esp4.modules-load.conf

@@ -0,0 +1,2 @@
+# esp4.ko is required for IPsec ESP VPN connections
+esp4

roles/strongswan-swanctl/handlers/main.yml

@@ -0,0 +1,2 @@
+- name: load esp4 kernel module
+  command: modprobe esp4

roles/strongswan-swanctl/tasks/main.yml

@@ -5,6 +5,14 @@
   tags:
   - install
 
+- name: ensure esp4 module is configured to load at boot
+  copy:
+    src: esp4.modules-load.conf
+    dest: /etc/modules-load.d/esp4.conf
+    mode: '0644'
+  notify:
+  - load esp4 kernel module
+
 - name: ensure strongswan starts at boot
   service:
     name: strongswan