This patch finalizes the switch to port 587 for email submission that
was started with commit 166c57.

- managesieve :: this allows sieve filters to be edited through a
  brower
- twofactor_gauthenticator :: allow optional two-factor authentication
  when logging into webmail
- carddav :: sync ownCloud contacts with roundcube

Baseline the configuration file distributed Roundcube 1.4.1 before
modification for sovereign.

The rmilter package changed the name of its listener service similar to
what was done for rspamd (see commit 2dbc976b).

The `private_key` variable used to check for changes was never
registered.

While adding the Let's Encrypt offline testing block in 1746afcc we
accidentially duplicated a the 'when' statement. Ansible only looks at
the last when statement for a given block meaning the earlier one has no
use. This commit merges both lines in one.

The directives provided by `mod_access_compat` are deprecated.  This
patch eliminates references to them.

Currently client email is submitted via ssmtp (port 465).  This has been
deprecated for years.  The correct way to submit email is via
submission (port 587).

This patch adds port 587 as a second and the default way of submitting
email for delivery.  Port 465 remains open for backwards compatibility
with existing clients.

See https://docs.ansible.com/ansible/playbooks_lookups.html

The ownCloud configuration file does not get touched.  The virtual host
configuration is modified by sovereign but can be updated in place and
Apache restarted.

This is done to suppress warnings from ansible-lint.

Depending on when the client is run, there are no certificates to
update.  By default, the client runs in interactive mode and wants to
notify the user of this.  This causes Ansible to hang waiting for an
acknowledgement that will never come.  Adding the non-interactive flag
fixes this.