Request: Variable to override "even_deny_root" default setting

[raratiru]

ansible-collection-hardening/roles/os_hardening/templates/etc/security/faillock.conf.j2

Line 52 in db998ef

even_deny_root

I just hardened my Debian 13 server and got locked out due to failed ssh attempts from bots.

• I use fail2ban to ban those IPs.
• I have disabled all ssh password logins.

Nonetheless, the root account got locked due to those many different IPs that try to login even once, before they are banned.

If this should be the default, I would expect a variable that allows a user to override this setting.