#4340 Let deny commands be added to sudo rule with cmdcategory=ALL
Closed: Fixed None Opened 9 years ago by rcritten.

One may want to allow all commands except a certain subset, like su and a set of shells.

This is currently not allowed.


Patch is already on review - Tomas forgot to switch the flag.

Pushed to master as part of sudorule enhancements:

  • 5a1207c sudorule: PEP8 fixes in sudorule.py
  • a228d7a sudorule: Allow using hostmasks for setting allowed hosts
  • 9304b64 sudorule: Allow using external groups as groups of runAsUsers
  • 3a56b15 sudorule: Make sure sudoRunAsGroup is dereferencing the correct attribute
  • c7da22c sudorule: Include externalhost and ipasudorunasextgroup in the list of default attributes
  • fix: af2eb4d sudorule: Allow adding deny commands when command category set to ALL
  • 9bb88a1 sudorule: Make sure all the relevant attributes are checked when setting category to ALL
  • a1d6c9a sudorule: Fix the order of the parameters to have less chaotic output
  • b1275c5 sudorule: Enforce category ALL checks on dirsrv level
  • d537da8 ipatests: test_sudo: Add tests for allowing hosts via hostmasks
  • c50d190 ipatests: test_sudo: Add coverage for external entries
  • ec2050b ipatests: test_sudo: Add coverage for category ALL validation
  • e0fd269 ipatests: test_sudo: Fix assertions not assuming runasgroupcat set to ALL
  • 701f1fc ipatests: test_sudo: Do not expect enumeration of runasuser groups
  • e7969f5 ipatests: test_sudo: Expect root listed out if no RunAsUser available
  • af4518b sudorule: Refactor add and remove external_post_callback

Metadata Update from @rcritten:
- Issue assigned to tbabej
- Issue set to the milestone: FreeIPA 4.0 - 2014/06

7 years ago
