abb030 Implement Keepalived health checks for HAProxy

Authored and Committed by crameleon 3 months ago
    Implement Keepalived health checks for HAProxy
    
    In addition to tracking the status of interfaces, track the HAProxy
    service status as well as ports opened by HAProxy to assess whether
    a node should be eligible to host VIPs.
    This avoids traffic being routed to proxy machines which are online
    without an operational HAProxy process.
    
    For security, a less privileged user is created to execute the health
    check commands. We already have "enable_script_security" set to make
    use of it.
    
    The scripts are placed under /usr/local/libexec/keepalived/ as to not give
    the user unnecessary access to /etc/keepalived/ and to make for a more
    canonical location. FHS does not list /usr/local/libexec and Leap by default
    links the libexecdir to /usr/lib, but since /usr/local/libexec exists on
    Tumbleweed, it seems reasonable to create it on our Leap systems already.
    
    As part of this patch, the pillar is reorganized - common Keepalived
    settings move to pillar.common.keepalived, for inclusion with all roles
    using Keepalived. A subdirectory houses sets of health check snippets
    for inclusion in clusters or roles.
    This is to make for a more uniform structure, given us already using a
    common.haproxy pillar structure for shared HAProxy settings, as well
    as to make it easier to deduplicate code for different implementations
    of Keepalived around our infrastructure.
    
    Last but not least, the pillar introduces a "config" level,
    to work with the new formula version.
    
    Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
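
A sketch of the kind of check the commit message describes (HAProxy service status plus the ports it should have open), added here as an example; it is not the script from this commit. The function names and the port list 80/443 are assumptions, and the `ss` listing is constructed sample data so the port logic can run offline.

```shell
#!/bin/sh
# Added example (not from the commit): health check suitable for running
# as an unprivileged script user. Exit 0 = healthy, non-zero = unhealthy.

# Constructed sample of `ss -Hltn` output for the offline demonstration.
SAMPLE_SS='LISTEN 0 4096 0.0.0.0:80 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

# port_listening PORT: reads `ss -Hltn` style lines on stdin and succeeds
# if a socket listens on exactly PORT (IPv4 or IPv6 local address).
port_listening() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")   # local address; port is the last piece
            if (parts[n] == port) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# check_ports "PORT PORT ...": reads a listing on stdin and succeeds only
# if every port is open, so a half-started proxy counts as unhealthy.
check_ports() {
    listing=$(cat)
    for p in $1; do
        printf '%s\n' "$listing" | port_listening "$p" || return 1
    done
}

# check_haproxy ["PORTS"]: the live check. Needs no root privileges:
# both commands only read state. Default ports are an assumption.
check_haproxy() {
    systemctl is-active --quiet haproxy || return 1
    ss -Hltn | check_ports "${1:-80 443}"
}

# Offline demonstration against the constructed sample.
printf '%s\n' "$SAMPLE_SS" | check_ports "80 443" && echo "sample: healthy"
```

Keepalived treats exit status 0 from a tracked script as success, so an installed copy would drop the demonstration line and end with a call to `check_haproxy`.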
    
        
file modified
+10 -0
file modified
+2 -9
file added
+3