fix(cis_5.3.1.x): use apt module with lock_timeout for pam packages

Switch from ansible.builtin.package to ansible.builtin.apt module for libpam-runtime and libpam-modules installations to support the lock_timeout parameter for handling apt lock contention.

Author: tmeckel

tasks/section_5/cis_5.3.1.x.yml

@@ -9,9 +9,10 @@
     - pam
     - rule_5.3.1.1
     - NIST800-53R5_NA
-  ansible.builtin.package:
+  ansible.builtin.apt:
     name: libpam-runtime
     state: latest
+    lock_timeout: "{{ ubtu22cis_apt_lock_timeout }}"
 
 - name: "5.3.1.2 | PATCH | Ensure libpam-modules is installed"
   when: ubtu24cis_rule_5_3_1_2
@@ -22,9 +23,10 @@
     - pam
     - rule_5.3.1.2
     - NIST800-53R5_NA
-  ansible.builtin.package:
+  ansible.builtin.apt:
     name: libpam-modules
     state: latest
+    lock_timeout: "{{ ubtu22cis_apt_lock_timeout }}"
 
 - name: "5.3.1.3 | PATCH | Ensure libpam-pwquality is installed"
   when: ubtu24cis_rule_5_3_1_3