vmhost: Allow host provisioner to log in

This commit adds tasks to the `vmhost.yml` playbook to ensure the
*jenkins* user has the Host Provisioner's SSH key in its
`authorized_keys` file.  This allows the Host Provisioner to log in and
access the read-only _libvirt_ socket in order to construct the dynamic
Ansible inventory.

vmhost.yml

@@ -13,3 +13,35 @@
   serial: 1
   roles:
   - vmhost
+- hosts: vm-hosts
+  tasks:
+  - name: ensure jenkins user exists
+    user:
+      name: jenkins
+      create_home: false
+      state: present
+    check_mode: true
+    register: jenkins_user
+    tags:
+    - user
+  - name: ensure jenkins user home dir exists
+    file:
+      path: '{{ jenkins_user.home }}'
+      owner: '{{ jenkins_user.uid }}'
+      group: '{{ jenkins_user.group }}'
+      mode: u=rwx,go=
+      state: directory
+    tags:
+    - homedir
+  - name: ensure host provisioner ssh key is authorized
+    authorized_key:
+      user: jenkins
+      key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICoOO/ZYMxRgmyvqZwGN3NM5pHyh3NBdC7iZrXIopt93
+      comment: Host Provisioner
+      manage_dir: true
+      key_options: restrict
+      state: present
+    tags:
+    - authorized_keys
+  tags:
+  - host-provisioner