Ansible install - move sysctl tasks to packaging logic

[msheiny]

Feature request

Description

The sysctl module we are using is particularly slow to install. It is looping over a list of sysctl_flags and running a reload (sysctl -p) after each one is laid out. Even if no changes are made this seems to be particularly annoying.

We should consider templating the sysctl file and adding a sysctl refresh handler whenever that changes. Take a look at what some other community members are doing - https://github.com/debops/ansible-sysctl/blob/master/tasks/main.yml

User Stories

As a securedrop admin, the waiting time for sysctl tasks to finish is TOO DANG HIGH

[conorsch]

We could move these config items to the securedrop-keyring package, which would provide the additional benefit of allowing config changes via automatic updates. As it stands, the sysctl options are set at install time, and rarely asserted thereafter. To be clear, moving the sysctl options to a deb package would certainly reduce provisioning time, as requested in the OP.

[conorsch]

In the context of #2641, it's a good idea to move these sysctl settings to a package. In fact, we already did that for vm stack heap settings during #1861. Moving all the settings into a package would give us much better control, and minimize our need to pester admins.