fix(blackbox_exporter): make capability setting idempotent

[sverrehu]

Recently, the "Ensure blackbox exporter binary has cap_net_raw capability" task has reported a change for every pipeline run. This PR contains two changes to fix this behavior.

• An old bug in community.general.capabilities, which is caused by naive comparison between requested state and observed state, will indicate a change if the operation is anything besides =. This PR changes from cap_net_raw+ep to cap_net_raw=ep to fix this.

• A recent PR set changed_when: "'molecule-idempotence-notest' not in ansible_skip_tags", which translates to changed_when: true, causing this task to appear as changed no matter what. This PR removes this line.

With these changes, our pipeline reports no change if the cap_net_raw is as wanted, and reports change otherwise.

[erikgb]

@gardar Could this be the culprit task causing Prometheus always to restart, ref. https://github.com/prometheus-community/ansible/pull/431#issuecomment-2422526033?

[SuperQ]

This wouldn't case Prometheus to restart, only the blackbox_exporter.

[SuperQ]

This needs a DCO sign-off. You can use git commit -s --amend to add it.

[sverrehu]

I noticed some idempotence checks failed. Before this PR, those tests would in effect have changed_when: false, as molecule-idempotence-notest was part of ansible_skip_tags in Molecule's idempotence checks.

I just added molecule-idempotence-notest as part of the tags, in order to skip this task completely during Molecule's idempotence checks. Hopefully, the effect should be the same as before, but without having any effect when running outside of Molecule.

PS: The reason it fails on Ubuntu 20.04 is that getcap on that version returns cap_net_raw+ep no matter how we set it. On other platforms, getcap returns cap_net_raw=ep.

[gardar]

The failing CI tests will be fixed with #440