feat: define, modify, and remove ipsets

[BrennanPaciorek]

User can specify state: present or state: absent and permanent: true with new ipset arguments to configure ipsets for use in zones using the source argument

• firewall_lib.py
  • new argument: ipset - name of ipset
  • new argument: ipset_type - type of ipset
  • new argument: ipset_entry - contents of ipset
  • protections against failure in check mode when enabling and disabling ipsets for zones
• new file: tests/tests_ipsets.yml
  • tests user defined ipsets (create, modify, delete, use)
• tests: unit: new test cases for triggering ipset warnings and errors
• docs: README, firewall_lib DOCUMENTATION for ipset feature

Enhancement: Users can define, modify, and delete ipsets using the system role, which can be added to and removed from zones or be used when defining rich rules.

Reason: IPSets make firewalld configuration much easier to maintain:

• Rich rules defining rules for many IP addresses can be made much smaller
• Allows for semantic grouping of IP addresses

Also, brings the srole closer to being a full solution for managing firewalld configuration.

Result: Users should be able to manage ipsets using the firewall system role using the following arguments:

• ipset
• ipset_type
• ipset_entries
• short
• description
• state: present or state: absent
• permanent: true

Issue Tracker Tickets (Jira or BZ if any): GitHub Issue #106 BZ 2140880 - https://bugzilla.redhat.com/show_bug.cgi?id=2140880

[codecov[bot]]

Codecov Report

Patch coverage: 100.00% and project coverage change: +4.03% :tada:

Comparison is base (f5a6d46) 57.02% compared to head (217985b) 61.05%.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #166 +/- ## ========================================== + Coverage 57.02% 61.05% +4.03% ========================================== Files 2 2 Lines 826 909 +83 ========================================== + Hits 471 555 +84 + Misses 355 354 -1 ``` | Flag | Coverage Δ | | |---|---|---| | sanity | `∅ <ø> (∅)` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=linux-system-roles#carryforward-flags-in-the-pull-request-comment) to find out more. | [Files Changed](https://app.codecov.io/gh/linux-system-roles/firewall/pull/166?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=linux-system-roles) | Coverage Δ | | |---|---|---| | [library/firewall\_lib.py](https://app.codecov.io/gh/linux-system-roles/firewall/pull/166?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=linux-system-roles#diff-bGlicmFyeS9maXJld2FsbF9saWIucHk=) | `70.34% <100.00%> (+3.62%)` | :arrow_up: |

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

[BrennanPaciorek]

TODO: increase unit test patch coverage.

[richm]

[citest]

[richm]

[citest]