We put the doas authorization for collectd in the global file and we let it if
collectd is not there, because otherwise the authorization would be removed if
the base role was run without the collectd role, even if collectd was still
running. Collectd would have been broken.
Fix#34
We now use a unique evobsd_group (evolix by default).
Each user has 2 groups : evobsd_group and user.name.
Only evobsd_group can ssh to server and use doas.
I also added a password restrictions block for IPs/group.
And we make sure the home folder is only readable by owner.