Escape salts and keys to avoid templating errors

[fullyint]

This PR adds a new vars plugin built from Ansible's noop.py example. The new plugin escapes WP env salts and keys (group_vars/<environment>/vault.yml) by wrapping them in {% raw %} to prevent the problem that arises when the strings include {{ or {% (e.g., #484).

Here is an excerpt of the remote's .env produced by a deploy. No longer causes errors on deploy.

AUTH_KEY='gene{%rateme'
AUTH_SALT='g{{enerateme'
LOGGED_IN_KEY='generatem{%e'
LOGGED_IN_SALT='gene{%rateme'
NONCE_KEY='{{generateme'
NONCE_SALT='generateme'
SECURE_AUTH_KEY='generat{{eme'
SECURE_AUTH_SALT='g{%enerateme'

This PR adds one vars plugin file, still mirroring Ansible project's structure.

lib/
  trellis/
    modules/
    plugins/
      callback/
      filter/
      vars/             <-- new
        vars.py         <-- new
    utils/

Note. The lib/ansible/plugins/vars dir is there in Ansible, but the example vars plugin they offer is in lib/ansible/inventory/vars_plugins.

The new plugin uses host.vars[key] = value to override var, because vars returned by host.get_group_vars are only a copy. Changing the latter (the copy) would have no effect.

Note. Don't be alarmed if you test this in a debug task and it doesn't work. This works for Trellis usage of wordpress_sites[site].env in template module. The {% raw %} tags are indeed being added. The debug module can print vault_wordpress_sites['example.com'].env.nonce_key but not item.value.env.nonce_key using with_dict. It seems the debug module sometimes doesn't honor the {% raw %} tags (?).

[swalkinshaw]

🔥 this blank line for consistency

[swalkinshaw]

👍 other than minor nitpick