Hardening role

[cooldracula]

This adds a role to harden new servers, regardless of how they'll be used.

It's general purpose security hardening, mostly enforcing the following:

• you must use an ssh key to ssh into a server
• you cannot login as root
• Firewall is on by default and, at the start, only allows ssh access

The biggest change to flow is not logging in as root. Instead, an admin user is created, who is part of the sudoers group. We then intentionally become root for tasks that call for it, but otherwise everything is done as an admin user.

[CLAassistant]

All committers have signed the CLA.

[mplorentz]

Actually I'm going to go ahead and merge so I can review #26

[mplorentz]

Ah I can't update the branch for #26 because the source branch is in your fork. Do you need write permissions to this repo @cooldracula?