Add `ssh-host-sign` and `dev-sec.ssh-hardening` roles to grafana.yml playbook

[kysrpex]

Sign stats ssh host keys with ca and advertise them to clients. Should fix the stats-grafana Jenkins project (prev. manual run of course).

[kysrpex]

@mira-miracoli I assume at this point you signed the host keys? (I see Jenkins now runs)

[kysrpex]

I see we have a dedicated playbook for this (so merging this PR does not really make much sense), but the project is turned off in Jenkins (it is expected to be run manually). Maybe it makes sense to run it automatically e.g. once a year.