Add matrix_user_shell and default it to /sbin/nologin

This is a backward-incompatible change. By default, Ansible creates
users with (e.g.) `/bin/sh` on Linux, so changing to a no shell
leads to different behavior.

That said, it appears that using a shell-less user works OK with regard
to Ansible execution and starting the systemd services/containers later on.

roles/custom/matrix-base/defaults/main.yml

@@ -177,6 +177,8 @@ matrix_container_global_registry_prefix_override: ""
 
 matrix_user_name: "matrix"
 matrix_user_system: true
+matrix_user_shell: /sbin/nologin
+
 matrix_group_name: "matrix"
 matrix_group_system: true