Foreman » Installer

consistently use stdlib::ensure_packages()

In b6088261c08ddfa8d3426ba01c6b35a3d1b1d3a2 ewoud already introduced
`stdlib::ensure_packages()`. There's another place that used the legacy
`ensure_packages()` function. It's deprecated since stdlib 9. This
commit updates the old code to also use `stdlib::ensure_packages()`

Fixes #37291 - Use explicit java on RH with Puppetserver 8

The /usr/bin/java file may point to any version. This changes the logic
to determine the java version (unless explicitly specified) dynamically
based on the puppetserver version and the OS.

Disable FIPS on EL8+

Add puppet8 certificate renewal endpoint

From https://www.puppet.com/docs/puppet/8/server/http_certificate_renew

set PrivateTmp=true for puppetserver

Allow disabling CRL checking on agent

In extrernal CA configurations, it is possible that a CRL is not present
on the server. This allows to tell the agent to skip downloading it and
checking it.

Refs #36620 - Replace whitelist with allowlist

Fixes #35943 - Switch to puppetlabs vcsrepo for gitrepo tracking

Refs #36573 - Drop default value for foreman_url

This default matches what's in theforeman/puppetserver_foreman and is
not needed. Users can still override it, but the default just duplicates
things.

Add TLS1.3 ciphers to default server_cipher_suites

In 2835ba227d5be98d6d7118883c77e7fe9fdd8299 the default
`server_ssl_protocols` was expanded to include TLS 1.3. This had no
affect for users not overriding `server_cipher_suites` though as no TLS
1.3 cipher suites were included by default....