r/fileserver: Restrict non-administrators to SFTP

Normal users do not need shell access to the file server, and certainly
should not be allowed to e.g. forward ports through it.  Using a `Match`
block, we can apply restrictions to users who do not need administrative
functionality.  In this case, we restrict everyone who is not a member
of the *Server Admins* group in the PYROCUFFLINK AD domain.

roles/fileserver/handlers/main.yml

@@ -1,2 +1,7 @@
 - name: save firewalld configuration
   command: firewall-cmd --runtime-to-permanent
+
+- name: reload sshd
+  service:
+    name: sshd
+    state: reloaded