
Add support for LDAP with STARTTLS

actionjack opened this issue 10 years ago • 0 comments

What

The version of the bennojoy/openldap_server role that we use does not support the following:

  • LDAP with STARTTLS
  • Using your own Certificate Authority signed SSL certificates
  • Using a custom version of a CA Certificate file bundle

This PR intends to fix that.

How this PR should be reviewed

This PR has been crafted with the aid of dainty white mice wearing pink slippers to be reviewed with the following narrative:

  • I want to:
    • Support all types of LDAP connection rather than just LDAPI and LDAPS (which has been deprecated)
    • Remove long and difficult to read lines of code and also make certain options like the hostname & expiry date overridable
    • Parameterise the default SSL key size since the default is quite low by today's standards
    • Optionally use my own SSL private key
    • Optionally use my own SSL certificate
    • Optionally download a valid CA certificate bundle
    • Optionally use a TLSCACertificateFile on my LDAP server, so I can supply a valid CA certificate chain file if I ever want to use a valid SSL certificate
    • Update the documentation with new variables and fix any mistakes in the previous ones
    • Add a vagrant environment so I can test my changes in a disposable environment rather than on the live server
    • Invoke The Boy Scout Rule and remove all the white space littered around the campground

How to test this PR

A vagrant box has been provided for local testing, simply:

vagrant up

You modify the site.yml to test the variables and run:

vagrant provision

actionjack, Nov 05 '15 15:11
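An added example (not part of this PR or of the bennojoy/openldap_server role): a small Python probe that hand-encodes the LDAP StartTLS extended request, checks the server's ExtendedResponse, and then verifies the upgraded connection's certificate chain against a supplied CA bundle, which is the check a reviewer would run against the Vagrant box to confirm the STARTTLS and TLSCACertificateFile changes work. The host name, port and CA bundle path are assumptions; the encoded messages in the comments are constructed.

```python
import socket
import ssl

# OID of the LDAP StartTLS extended operation (RFC 4511, section 4.14).
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"


def _tlv(tag, payload):
    """BER-encode one tag/length/value triple (payload shorter than 128 bytes)."""
    return bytes([tag, len(payload)]) + payload


def starttls_request(message_id=1):
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { [0] requestName } }."""
    ext_req = _tlv(0x77, _tlv(0x80, STARTTLS_OID))
    return _tlv(0x30, _tlv(0x02, bytes([message_id])) + ext_req)


def _read_tlv(buf, pos):
    """Decode one BER TLV at pos (short or long-form length); return (tag, value, next_pos)."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                       # long form: low bits give the length-of-length
        count = n & 0x7F
        n = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + n], pos + n


def parse_starttls_response(data):
    """Return (message_id, result_code, diagnostic) from an ExtendedResponse [APPLICATION 24]."""
    tag, body, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(body, 0)                # messageID INTEGER
    tag, ext, _ = _read_tlv(body, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse")
    _, code, pos = _read_tlv(ext, 0)                # resultCode ENUMERATED (0 = success)
    _, _, pos = _read_tlv(ext, pos)                 # matchedDN, ignored
    _, diag, _ = _read_tlv(ext, pos)                # diagnosticMessage
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode("utf-8", "replace")


def starttls_probe(host, ca_file, port=389, timeout=5.0):
    """Connect in the clear, request StartTLS, then verify chain and hostname against ca_file."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(starttls_request())
        _, code, diag = parse_starttls_response(sock.recv(4096))  # one small PDU expected
        if code != 0:
            return {"starttls": False, "result_code": code, "diagnostic": diag}
        ctx = ssl.create_default_context(cafile=ca_file)   # assumed CA bundle path
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return {"starttls": True, "protocol": tls.version(),
                    "subject": tls.getpeercert().get("subject")}
```

A resultCode other than 0 (for example 52, unavailable, when slapd has no TLS configured) means the server refused the upgrade, and a chain or hostname mismatch against the bundle raises `ssl.SSLCertVerificationError` from `wrap_socket`.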