ENH: expand steps, make prod-ready workflow, fix edge cases

[ZLLentz]

I started this PR to fix the issue that was stopping us from setting up the TMO vacuum PLC, but then I kept it open as I added more fixes/workflow improvements. It has gotten fairly big.

List of changes, with accompanying justifications:

• Provide and use a specific ssh config file for the ansible scripts to get some consistency in the scripts. Since everyone might have their own ssh config, it's better to force this one to be used instead.
• Remove the hard-coded ansible_become_password and require it to be passed at each run. This means I won't have to hard-code the real admin password, and instead can ask people to copy it in from Vault.
• Do not enable the freebsd_packages by default. Beckhoff brought back py39-lxml that was referenced in the old comment, so it isn't necessary any more. (Also: I don't like how this old ansible step is not reversible)
• Add configuration option for setting a static IP on the CDS port. There has been chatter lately about potentially doing this for the windows ce PLCs. Including this option in the ansible config seemed prudent.
• Use hostnames as ansible_host variable instead of ip addresses for better compatibility (helped with the tmo PLC, didn't disrupt the test PLCs)
• Expand inventory to include empty categories for every hutch. The main reason the tmo PLC wasn't working is because we added the tmo_all category incorrectly- so let's do it ahead of time.
• Add add_to_inventory.py script for adding plc hostnames to the inventory yaml, to avoid human error in this process.
• Rename first_time_setup.sh to bootstrap_plc.sh for naming consistency with provision_plc.sh
• Rework bootstrap_plc.sh to scp pre-downloaded python libraries to the PLC to avoid manual work or redoing work in multiple ansible playbooks. This lets us defer setting up pkg configuration until we have Python available to run the full suite of ansible command.
• Extend bootstrap_plc.sh to prompt us to change the default password to the secret admin password. Including this in the main workflow increases the chance it actually gets done, protecting our PLCs from accidental changes.
• Add dry_run.sh which does a dry-run of the provisioning playbook, so we can see what a change would have done without forcing it to happen.
• Add make_vars.py which builds an initial version of a host-specific vars.yaml file from a minimal template and appends the commented out options automatically.
• Let us pass through additional args to ansible-playbook via the scripts, just in case we want to use any of the various playbook options.
• Add setup_new_plc.sh as a one-stop-shop for setting up a new PLC, to make it very clear and easy for someone who just wants to "get their PLC ready".
• Add ssh_agent_helper.sh as a helpful utility script for ensuring ssh-agent is running and adding the tcbsd ssh key to it. This will prevent people from needing to type in the admin password dozens of times during setup.
• Add update_admin_pass.sh as a small utility for changing the admin password on a bunch of PLCs at once. I will need to run this any time we decide to update the admin password (hopefully only once).
• Add a second version of the bootstrapping playbook that installs from a pre-uploaded bootstrap directory instead of needing some pkg setup. This is simper and more consistent.
• Make the static IP/dhcp configurations reversible. This will allow us to change our minds as often as we like.
• Adjust the .bashrc template to work properly on BSD14. Sourcing the .shrc file gave many errors on BSD14 that weren't present on BSD13, so let's just take the part we cared about and include it in the .bashrc.

[ZLLentz]

I'm intending to review this in a small group in a dedicated meeting, along with the accompanying how-to procedure. Note to self: don't forget to also review the dotfiles PR.

[nrwslac]

Attended TC Ansible review. lgtm!