pyrocufflink: Encrypt root password with age

Since we are encrypting an inventory variable with a very wide scope
here, essentially every play needs the Ansible Vault password.
Encrypting the value with `age` and only decrypting it when its used (by
the *base* role), the key is only necessary when provisioning a new
machine.

This value is encrypted using the following age key:

    age197zq0l27nwxj74d4pmpat6kqqth235mdc0ggmfm3006v0fy7advsg9ljts

group_vars/pyrocufflink/root-password.yml

@@ -0,0 +1,17 @@
+root_password: |
+  -----BEGIN AGE ENCRYPTED FILE-----
+  YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSY3JZdjhyKzhVYUloZ1Vn
+  Y1NZSHVaNDJLRjZBVkdvNHhSR2d5Q0JMc3djCmszc0ozTFVObFBhWEl4WExYd3pp
+  d2IzSGExUlI3eGtDOTBJejRjTWoveDgKLS0tIHNxa1NMYmduM2ZDWHNKWUw0M21N
+  Z1J3MU10bXRmendiN2M1VWVxb1Brc1EKslZr6qvtp1RCGl2+9fbuHY34+qS5xQRE
+  BqegwvR31NA1/I3ULLEmem7/ysdH/qWemlSvkIhmITExDTiNQ7IWiw==
+  -----END AGE ENCRYPTED FILE-----
+root_password_hash: >-
+  {{
+    root_password
+    | decrypt
+    | password_hash(
+        'sha512',
+        65534 | random(seed=inventory_hostname) | string
+    )
+  }}