robustness: fail if systemd.unit could have something in need of quote

Ensure systemd.unit contents is robust. This disables possibility to
have something that needs to be quoted there. But as ansible lacks
proper way to quote systemd unit files (see man systemd.syntax, rules
are not shell rules), it is better to fail such configs. If you are
trying to do that, you are doing it wrong anyway or have malicious
intent.

Also ensure similar issue with sysctl.conf.

Issue can be seen with `tests_hostkeys_unsafe_path.yml`, when adding
following to role params:

       sshd_install_service: true
       sshd_config_file: "{{ ansible_facts.env.TMPDIR }}/sshd.d/foo.conf"
       sshd_binary: "{{ ansible_facts.env.TMPDIR }}/sshd"
       __sshd_runtime_directory: "{{ ansible_facts.env.TMPDIR }}/run"

tasks/install.yml

@@ -4,6 +4,23 @@
  when:
  - not __sshd_os_supported | bool
 
+- name: Ensure variables used in templates in shell or systemd unit contexts are okay
+ ansible.builtin.assert:
+ that:
+ - (sshd_sysconfig_use_strong_rng | string) == (sshd_sysconfig_use_strong_rng | quote)
+ - sshd_binary == (sshd_binary | quote)
+ - sshd_config_file == (sshd_config_file | quote)
+ - (__sshd_runtime_directory is none) or (__sshd_runtime_directory == (__sshd_runtime_directory | quote))
+ - __sshd_runtime_directory_mode == (__sshd_runtime_directory_mode | quote)
+ fail_msg: |
+ sshd_sysconfig_use_strong_rng: {{ sshd_sysconfig_use_strong_rng }} == {{ sshd_sysconfig_use_strong_rng | quote }}
+ sshd_binary: {{ sshd_binary }} == {{ sshd_binary | quote }}
+ sshd_config_file: {{ sshd_config_file }} == {{ sshd_config_file | quote }}
+ {%- if __sshd_runtime_directory is not none %}
+ __sshd_runtime_directory: {{ __sshd_runtime_directory }} == {{ __sshd_runtime_directory | quote }}
+ {% endif %}
+ __sshd_runtime_directory_mode: {{ __sshd_runtime_directory_mode }} == {{ __sshd_runtime_directory_mode | quote }}
+
 - name: Install ssh packages
  ansible.builtin.package:
  name: "{{ sshd_packages }}"