Bug 2229802

User can specify `state: present` or `state: absent` and `permanent: true` with new ipset arguments to configure ipsets for use in zones using the `source` argument - firewall_lib.py - new argument: ipset - name of ipset - new argument: ipset_type - type of ipset - new argument: ipset_entry - contents of ipset - protections against failure in check mode when enabling and disabling ipsets for zones - new file: tests/tests_ipsets.yml - tests user defined ipsets (create, modify, delete, use) - tests: unit: new test cases for triggering ipset warnings and errors - docs: README, firewall_lib DOCUMENTATION for ipset feature Enhancement: Users can define, modify, and delete ipsets using the system role, which can be added to and removed from zones or be used when defining rich rules. Reason: IPSets make firewalld configuration much easier to maintain: - Rich rules defining rules for many IP addresses can be made much smaller - Allows for semantic grouping of IP addresses Also, brings the srole closer to being a full solution for managing firewalld configuration. Result: Users should be able to manage ipsets using the firewall system role using the following arguments: - `ipset` - `ipset_type` - `ipset_entries` - `short` - `description` - `state: present` or `state: absent` - `permanent: true` Issue Tracker Tickets (Jira or BZ if any): GitHub Issue #106 BZ 2140880 - https://bugzilla.redhat.com/show_bug.cgi?id=2140880