Call hsm_validator on KRA installs and validate the HSM password
hsm_validator was validating that the token was available but
not that the provided password worked. Add that capability.
Also call it early in the CA and KRA installation cycle so that
it errors out early. This is particularly important for the KRA
because there is no uninstaller.
Bump the minimum PKI release to 11.5.0 as that contains important
fixes for the HSM.
Remove an unused arguments to hsm_version and hsm_validator.
Related: https://pagure.io/freeipa/issue/9273
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>