Move roles/matrix* to roles/custom/matrix*

This paves the way for installing other roles into `roles/galaxy` using `ansible-galaxy`,
similar to how it's done in:

- https://github.com/spantaleev/gitea-docker-ansible-deploy
- https://github.com/spantaleev/nextcloud-docker-ansible-deploy

In the near future, we'll be removing a lot of the shared role code from here
and using upstream roles for it. Some of the core `matrix-*` roles have
already been extracted out into other reusable roles:

- https://github.com/devture/com.devture.ansible.role.postgres
- https://github.com/devture/com.devture.ansible.role.systemd_docker_base
- https://github.com/devture/com.devture.ansible.role.timesync
- https://github.com/devture/com.devture.ansible.role.vars_preserver
- https://github.com/devture/com.devture.ansible.role.playbook_runtime_messages
- https://github.com/devture/com.devture.ansible.role.playbook_help

We just need to migrate to those.

roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup.yml

@@ -0,0 +1,7 @@
+---
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_install.yml"
+  when: matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool
+
+- ansible.builtin.import_tasks: "{{ role_path }}/tasks/ext/shared-secret-auth/setup_uninstall.yml"
+  when: "not matrix_synapse_ext_password_provider_shared_secret_auth_enabled | bool"

roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup_install.yml

@@ -0,0 +1,51 @@
+---
+
+- name: Fail if Shared Secret Auth secret not set
+  ansible.builtin.fail:
+    msg: "Shared Secret Auth is enabled, but no secret has been set in matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret"
+  when: "matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret == ''"
+
+- name: Fail if no Shared Secret Auth login types enabled
+  ansible.builtin.fail:
+    msg: "Shared Secret Auth is enabled, but none of the login types are"
+  when: "not (matrix_synapse_ext_password_provider_shared_secret_auth_m_login_password_support_enabled or matrix_synapse_ext_password_provider_shared_secret_auth_com_devture_shared_secret_auth_support_enabled)"
+
+- name: Download matrix-synapse-shared-secret-auth
+  ansible.builtin.get_url:
+    url: "{{ matrix_synapse_ext_password_provider_shared_secret_auth_download_url }}"
+    dest: "{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py"
+    force: true
+    mode: 0440
+    owner: "{{ matrix_user_username }}"
+    group: "{{ matrix_user_groupname }}"
+  register: result
+  retries: "{{ matrix_geturl_retries_count }}"
+  delay: "{{ matrix_geturl_retries_delay }}"
+  until: result is not failed
+
+- ansible.builtin.set_fact:
+    matrix_synapse_modules: |
+      {{
+        matrix_synapse_modules | default([])
+        +
+        [
+          {
+            "module": "shared_secret_authenticator.SharedSecretAuthProvider",
+            "config": matrix_synapse_ext_password_provider_shared_secret_config
+          }
+        ]
+      }}
+
+    matrix_synapse_container_extra_arguments: >
+      {{
+        matrix_synapse_container_extra_arguments | default([])
+        +
+        ["--mount type=bind,src={{ matrix_synapse_ext_path }}/shared_secret_authenticator.py,dst={{ matrix_synapse_in_container_python_packages_path }}/shared_secret_authenticator.py,ro"]
+      }}
+
+    matrix_synapse_additional_loggers: >
+      {{
+        matrix_synapse_additional_loggers
+        +
+        [{'name': 'shared_secret_authenticator', 'level': 'INFO'}]
+      }}

roles/custom/matrix-synapse/tasks/ext/shared-secret-auth/setup_uninstall.yml

@@ -0,0 +1,6 @@
+---
+
+- name: Ensure matrix-synapse-shared-secret-auth doesn't exist
+  ansible.builtin.file:
+    path: "{{ matrix_synapse_ext_path }}/shared_secret_authenticator.py"
+    state: absent