Add split-SSH formula that uses QVM tags

[gonzalo-bulnes]

Prepares the release of qubes-mgmt-user-salt-split-ssh-2.0.0-1.

This version introduces breaking changes, as well as a new pattern of targeting _qubes_based on QVM tags (see #14).
In order to achieve the latter, the formula depends on another formula (qvm-tags-in-pillar) through an RPM dependency.

The RPM dependency ensures that the formula is available once this package is installed, but enabling it is still a manual step that is performed at the same time, and in the same way, as enabling the split-ssh formula. (See README in this PR.)

To do

• Write this description
• Document usage and list QVM tags to be used
• Document dependency on qvm-tags-in-pillar, especially remind to enable top files
• Add dependeency to RPM spec file Requires
• Example scenarios?
• Salt requires (for ordering, not needed for dependency management)

Testing

• Installing the split-ssh package installs the qvm-tags-in-pillar package as a dependency
• Both formulas as installed in the expected /srv/user_salt directories
• Both can be enabled as expected

Out-of-scope questions

• Uninstalling the split-ssh package suggests to uninstall the qvm-tags-in-pillar package as well?
• What about disabling the formulas before uninstalling?

[gonzalo-bulnes]

@bcduggan Here's a preview 😉 (new vs old)

The two versions have roughly the same flexibility when it comes to configuration of which qubes have which roles, but the new version expects existing qubes with tags, while the old one was creating named qubes.

Let me know if that looks like what you've been thinking / using. I suspect it could be very close. 🙂

Note: The RPM spec is not complete, because it should declare a dependency on qubes-mgmt-salt-user-qvm-tags-in-pillar. (And the question of having that top file enabled is pending, I'm not sure yet what is best to do there.) And as you'll see, there are FIXME labels here and there in the supporting files. "Preview."