Configure HBAC rules for IPA clients
- Install a cluster-wide rule allowing sysadmin-main members to do
anything, anywhere
- Disable the cluster-wide default `allow_all` rule
- Add host-based rules to give certain groups shell access
Signed-off-by: Nils Philippsen <nils@redhat.com>