proxmox: add LDAP user sync script

Since OIDC auth doesn’t support groups, get them from AD over LDAP.

Add a script to fetch users and groups, and update /etc/pve/user.cfg. The
script is only installed on one node (first alphabetically), with a cron
job to run it daily.

The script is installed for clusters with the sync-ldap context key set
to a corresponding OIDC realm. The keys ldap_user and ldap_pass must be
present in the password store under cluster/<name>.
Timotej Lazar 2024-05-14 12:04:35 +02:00
parent 5762236ac2
commit 3f53c84865
3 changed files with 86 additions and 0 deletions


@ -52,3 +52,5 @@
- include_tasks: firewall.yml
- include_tasks: frr.yml
- include_tasks: user.yml
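Review bot: the hunk header `@ -52,3 +52,5 @@` announces two added lines, but the three lines shown all carry the same marker, so the new lines cannot be told apart from the context here and the file being changed is not named; the hunk should make clear which include is new. Assuming `- include_tasks: user.yml` is the addition, consider guarding it with a `when:` on the sync-ldap context key the commit message describes, so clusters without that key skip the task entirely, and note at the include (or at the top of user.yml) that the task expects ldap_user and ldap_pass to exist in the password store under cluster/<name>, since a missing key would otherwise surface only as a failed lookup at run time.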