ipauser: Use PARAM_MAPPING and query state support

The ipauser module has been reworked to use the new PARAM_MAPPING added
to ansible_freeipa_module.

The member handling for manager, principal, certificate and certmapdata
has been simplified by using gen_member_add_del_lists. The member
entries in PARAM_MAPPING are now marked with "member": True. This
replaces the manual calls to gen_add_del_lists, gen_add_list and
gen_intersection_list across three separate action/state branches with
a single unified call.

The new query state allows to retrieve user information from IPA.
The query_param option controls which fields are returned: BASE for
essential fields, ALL for all fields, PKEY_ONLY for user names only,
or a list of specific field names.

Here is the updated documentation of the module:

    README-user.md

New tests for the query state can be found at:

    tests/user/test_user_query.yml

Author: t-woerner

README-user.md

@@ -368,6 +368,100 @@ Example playbook to ensure users are absent:
       state: absent
 ```
 
+
+Example playbook to query a user and print the base fields:
+
+```yaml
+---
+- name: Playbook to query users
+  hosts: ipaserver
+  become: true
+
+  tasks:
+  - name: Query user pinky
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      state: query
+    register: result
+
+  - name: Print user info
+    debug:
+      var: result.user
+```
+
+
+Example playbook to query specific fields of a user:
+
+```yaml
+---
+- name: Playbook to query users
+  hosts: ipaserver
+  become: true
+
+  tasks:
+  - name: Query first and last name of user pinky
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      query_param:
+      - first
+      - last
+      - email
+      state: query
+    register: result
+
+  - name: Print user info
+    debug:
+      var: result.user
+```
+
+
+Example playbook to query all fields of a user:
+
+```yaml
+---
+- name: Playbook to query users
+  hosts: ipaserver
+  become: true
+
+  tasks:
+  - name: Query all fields of user pinky
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      name: pinky
+      query_param: ALL
+      state: query
+    register: result
+
+  - name: Print user info
+    debug:
+      var: result.user
+```
+
+
+Example playbook to query only the names of all users:
+
+```yaml
+---
+- name: Playbook to query users
+  hosts: ipaserver
+  become: true
+
+  tasks:
+  - name: Query all user names
+    ipauser:
+      ipaadmin_password: SomeADMINpassword
+      query_param: PKEY_ONLY
+      state: query
+    register: result
+
+  - name: Print user names
+    debug:
+      var: result.user.users
+```
+
+
 When using FreeIPA 4.8.0+, SMB logon script, profile, home directory and home drive can be set for users.
 
 In the example playbook to set SMB attributes note that `smb_profile_path` and `smb_home_dir` use paths in UNC format, which includes backslashes ('\\`). If the paths are quoted, the backslash needs to be escaped becoming "\\", so the path `\\server\dir` becomes `"\\\\server\\dir"`. If the paths are unquoted the slashes do not have to be escaped.