[federation] Add OIDC federation configuration on OSP17

[afaranha]

Add Ansible playbooks and role tasks to configure OSP 17.1 for OIDC federation, enabling adoption testing with Keycloak as the identity provider.

Changes:

• Add federation-osp17-pre-deploy hook playbook that renders the Heat environment file and configures Keystone for OIDC
• Add run_osp17_oidc_setup.yml tasks to create the federation domain, identity provider, mapping, group, project and protocol on OSP 17.1
• Add enable-federation-openidc.yaml.j2 Heat template for OIDC params
• Refactor Keycloak operator deployment to use kubernetes.core.k8s instead of oc apply with a template file
• Make operator namespace configurable via cifmw_federation_operator_namespace variable
• Add passthrough Route for Keycloak and grant privileged SCC
• Conditionally include the OIDC env file in overcloud deploy

Original Patch: #3307

Jira: https://issues.redhat.com/browse/OSPRH-19960

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign tosky for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[softwarefactory-project-zuul]

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/26034762f48a48fca288e7e854787c5e

✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 06m 43s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 24m 05s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 34m 23s
✔️ cifmw-crc-podified-edpm-baremetal-minor-update SUCCESS in 1h 52m 00s
✔️ cifmw-pod-zuul-files SUCCESS in 5m 06s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 9m 22s
❌ cifmw-pod-pre-commit FAILURE in 8m 02s
✔️ cifmw-molecule-adoption_osp_deploy SUCCESS in 3m 32s
✔️ cifmw-molecule-federation SUCCESS in 2m 12s

[softwarefactory-project-zuul]

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/dae0701d12884153b6f006c8aa172cf8

✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 21m 31s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 27m 13s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 45m 11s
✔️ cifmw-crc-podified-edpm-baremetal-minor-update SUCCESS in 2h 07m 06s
✔️ cifmw-pod-zuul-files SUCCESS in 5m 19s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 11m 17s
❌ cifmw-pod-pre-commit FAILURE in 6m 59s
✔️ cifmw-molecule-adoption_osp_deploy SUCCESS in 3m 21s
✔️ cifmw-molecule-federation SUCCESS in 2m 04s

[softwarefactory-project-zuul]

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/102768d2db2046618e2df2abea191087

✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 17m 13s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 23m 02s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 31m 30s
✔️ cifmw-crc-podified-edpm-baremetal-minor-update SUCCESS in 2h 02m 25s
✔️ cifmw-pod-zuul-files SUCCESS in 4m 48s
✔️ noop SUCCESS in 0s
✔️ cifmw-pod-ansible-test SUCCESS in 9m 09s
❌ cifmw-pod-pre-commit FAILURE in 7m 36s
✔️ cifmw-molecule-adoption_osp_deploy SUCCESS in 3m 31s
✔️ cifmw-molecule-federation SUCCESS in 2m 17s