Harden access for the ansible user

[billglick]

Review config files to harden and restrict what the ansible user can do.

For example:

• Add restrictions like the following to the sshd match block:

  KbdInteractiveAuthentication no
  PermitTTY no
  PermitTunnel no
  GatewayPorts no

• Review access.conf settings for the user ansible. Perhaps add something like:

- : ansible : tty

• Review sudoers config for user Ansible. Maybe add:

Defaults:ansible !requiretty
Defaults:ansible secure_path=/usr/sbin:/usr/bin:/sbin:/bin