Last attempt (08f31a3f) fixed
compilation bug generated a bug because an empty string was generating
an extra --volume parameter on container creation.

Now we move back to using an Array and fix our deploy script
accordingly.

The Git binary in the Weblate container for the version we currently
need (3.11.3) is now unable to verify Tails' GitLab's certificate:

    $ git clone https://gitlab.tails.boum.org/tails/tails.git
    fatal: unable to access 'https://gitlab.tails.boum.org/tails/tails.git/': server certificate verification failed. CAfile: none CRLfile: none

As a workaround, we bind-mount the host's libgnutls30 library (and other
needed linked libraries) into the container.

This has to be removed once Weblate is upgraded to run with a
container having a newer libgnutls30.

When porting Weblate to a container, the Apache2 config was not cleaned
up. This change moves such config to an EPP template, which also
enforces parameterization of the $staging_www_dir variable
(/var/www/staging).

- Move all non-secret variables that are common to different
  `tails::weblate::*` classes to `tails::weblate::params`.

- Make tails::weblate::params inherit from `tails::website::params`.

- Make many classes inherit from the new `tails::weblate::params`.

- Standardize some parameter names accross classes (eg.  `$postgres_*`
  and `$redis_password`).

- Move `$user`/`$group`/`$uid`/`$gid` to
  `$system_user`/`$system_group`/`$system_uid`/`$system_gid`

Because Weblate container doesn't come with Python's YAML module, we
need a workaround to have it inside the container when we execute some
of our custom scripts. This commit installs that dependency on the host
and bind-mounts it to the container when running commands.

We make use of --network=slirp4netns:allow_host_loopback=true to allow
the container to reach the host on 10.0.2.2.

Note that this has security implications as it gives the container
access to all open ports on the hosts localhost.

The previous use of `podman_docker_pkg` was incorrect, and that package
is corrently only available in `experimental`. As we don't need it now,
let's just ensure it's absent.

Previous to this change, Weblate's host user home directory was stored
in `$mutable_data_dir`. This was wrong and confusing because not only
there was a lot of immutable data there, but also mutable data which is
not directly touched by Weblate itself, but by our custom code (eg.
staging and integration Git repositories).

Now we store `/var/lib/weblate` in `$weblate_home`, set Weblate's
DATA_DIR as `/var/lib/weblate/data`, and move the staging repository to
`/var/lib/weblate/repositories/staging`.

See:

    https://docs.weblate.org/en/latest/admin/config.html#auto-update
    !58 (comment 173578)

This is mainly used for testing purposes: in a test/dev environment we
may need to be able to access the application using a different domain
because of HSTS.

Important notes:

  - This removes all previous setting of group to `weblate_admin`. This
    is unneeded as every member of that group can already `sudo -u
    weblate` and do whatever they want as that user.

  - We document and make uniform use of the namespace mapping of the
    host `weblate` user to the container `root` user. See the
    explanation in `tails::profile::podman` for more information.

- Remove `settings.py` template and replace it with static
  more recent `settings_docker.py` which fixes parameter passing through
  environment variables.
  (See: https://github.com/WeblateOrg/weblate/commit/a4df45c3319b29cdfc28f41a98c0864297623cf6)

- Set fixed UID for `weblate` user and configure user namespaces so it
  can launche rooless Podman containers.