user linger needed before secrets

[richm]

The https://github.com/linux-system-roles/podman/blob/main/tasks/create_update_kube_spec.yml#L2 user lingering stuff needs to be done before creating any secrets for a rootless user, and needs to be removed when the last user secret is removed.

For the creation, we can probably just copy the block of code and put it near the top of handle_secrets after we know the user.

The removal is a bit tricky. We need to know when the last secret is removed, and we need to coordinate the linger removal with https://github.com/linux-system-roles/podman/blob/main/tasks/cleanup_kube_spec.yml#L50 and https://github.com/linux-system-roles/podman/blob/main/tasks/cleanup_quadlet_spec.yml#L75 - maybe something like this:

main
  __podman_cancel_user_linger: {}  # set of users to check if can cancel linger
  for secret in secrets
    handle_secret
      if rootless
        if removing
          __podman_cancel_user_linger[username] = true
        else
          if not lingering then enable lingering
          __podman_cancel_user_linger[username] = false  # possibly deleted one secret and added another

similar logic for kube specs and quadlets - set user to true or false in __podman_cancel_user_linger
then, at the end of tasks/main.yml

for username in __podman_cancel_user_linger.keys() if __podman_cancel_user_linger[username]
  get secrets for user
  if any secrets
    continue  # try next user
  get containers for user
  if any containers
    continue
  get volumes for user
  if any volumes
    continue
  get networks for user
  if any networks
    continue
  # if we got here, there are no resources in use for username
  cancel linger for username
__podman_cancel_user_linger: {}  # erase