freedomofpress / ansible-role-grsecurity

The documentation and build system for the grsecurity kernel maintained by the Freedom of the Press Foundation for SecureDrop
GNU General Public License v2.0

Smarter handling of dynamic vars #57

Closed conorsch closed 8 years ago

conorsch commented 8 years ago

Mostly this is cleanup of the too-hasty #56. The new two-arg form of the gpg --verify commands requires references to both the .tar and .tar.xz versions of the Linux source. Since the build role already uses a Python module to assemble dynamic vars, let's create new vars in there so they're accessible to the whole role.

Major benefit: we can delete use of the regex_replace filter, which has become troublesome to maintain, since Ansible v1 and v2 require different escaping styles when using that filter. Similarly, we can delete that filter in the install role, using instead full Python in a custom filter.
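An added sketch, not code from this PR or the role, of the idea described above: derive every source-related name from one validated version string, so the two-arg `gpg --verify` call can name both the signature and the uncompressed `.tar` it covers. The variable and function names are hypothetical, and the kernel.org URL layout and `.tar.sign` naming are assumptions about upstream.

```python
import re

# Assumption: upstream layout on kernel.org is vN.x/linux-<version>.tar.xz
KERNEL_BASE_URL = "https://www.kernel.org/pub/linux/kernel"
_VERSION_RE = re.compile(r"\A(\d+)\.(\d+)(?:\.(\d+))?\Z")


def linux_source_vars(kernel_version):
    """Derive all source-related names from a single version string.

    The keys are hypothetical; the role's grsecurity_urls module may
    expose different names.
    """
    match = _VERSION_RE.match(kernel_version)
    if match is None:
        # Reject anything that could smuggle path separators or options
        # into a URL, a filename or the gpg command line.
        raise ValueError("unexpected kernel version: %r" % kernel_version)
    tar = "linux-%s.tar" % kernel_version
    base = "%s/v%s.x" % (KERNEL_BASE_URL, match.group(1))
    return {
        "linux_tarball_xz_filename": tar + ".xz",
        "linux_tarball_filename": tar,
        "linux_tarball_signature_filename": tar + ".sign",
        "linux_tarball_xz_url": "%s/%s.xz" % (base, tar),
        "linux_tarball_signature_url": "%s/%s.sign" % (base, tar),
    }


def decompress_argv(source_vars):
    """The signature covers the uncompressed .tar, so unpack first and
    keep the .tar.xz for the build."""
    return ["xz", "--decompress", "--keep",
            source_vars["linux_tarball_xz_filename"]]


def gpg_verify_argv(source_vars):
    """Two-arg form: the signature, then the exact file it must cover."""
    return ["gpg", "--verify",
            source_vars["linux_tarball_signature_filename"],
            source_vars["linux_tarball_filename"]]
```
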

conorsch commented 8 years ago

@ageis Can you give this PR a go? Let's not merge until both you and I confirm that we can build both build and install on this branch. That should root out any sneaky issues.

Tests are forthcoming, but for this PR you'll still need to update the deb package in between the build and install runs, as usual.

ageis commented 8 years ago

@conorsch make sure you update grsecurity_patch_type to grsecurity_build_patch_type in the example playbooks.

conorsch commented 8 years ago

Done.

There are a handful of vars returned by the grsecurity_urls fact-finding module that aren't namespaced, but since those are determined dynamically within the role, they will always take precedence over other vars, so there's no risk of accidental collisions. Seems fine to leave them as-is for now.

ageis commented 8 years ago

@conorsch Looks good, I also ran the install role successfully. Approved for merge by me... As an aside, we're close to being able to rip out those paxctl tasks.