factor out cloud-init configuration from bare-metal provider

[cfm]

With the deprecation for new customers of the t1.small.x86 plan, Packet/Equinix is no longer (as of d6b3ccfdc2348d8e639b80031e1ab19352f0a4f2) the obvious bare-metal provider to use. Unfortunately, the provider is the basic unit of Terraform, right down to the terraform-metal- naming convention for this repository and the Terraform module it provides; its cloud-init configuration is assumed to be secondary in importance to the provider on which it's running.

I see two ways forward:

1. Factor out the cloud-init configuration (user_data.sh as of #5) into a separate repository and consume it here as well as in one or more of terraform-{hetzner,scaleway,vultr}-securedrop-staging.
2. Turn this into a provider-agnostic script (under whatever execution framework or none) that can just be pointed at a random root@A.B.C.D SSH connection and run, leaving the provisioning between you and your bare-metal provider of choice.

Whatever approach I take here will probably apply equally to cfm/terraform-metal-securedrop-production.

[cfm]

In discussion last month with @eloquence, approach (1) is preferable. Vultr looks like the way to go, starting at $0.179/hour. Scaleway is cheaper (€0.083 ~= $0.09/hour), but "OS installation can take up to 1 hour".