gw1: squid: Allow access to FCOS update servers

*unifi2.pyrocufflink.blue*, which is connected to the management
network, can only access the Internet via the proxy.  In order for
Zincati/`rpm-ostree` to automatically update the machine, the proxy
needs to allow access to the FCOS update servers.

host_vars/gw1.pyrocufflink.blue/squid.yml

@@ -12,6 +12,9 @@ squid_acl:
   - 'port 443		# https'
   CONNECT:
   - method CONNECT
+  fcos_updates:
+  - dstdomain updates.coreos.fedoraproject.org
+  - dstdomain ostree.fedoraproject.org
   fedora_repo:
   - dstdomain mirrors.fedoraproject.org
   - dstdomain dl.fedoraproject.org
@@ -27,6 +30,7 @@ squid_http_access:
 - allow localhost manager
 - deny manager
 - deny to_localhost
+- allow localnet fcos_updates
 - allow localnet fedora_repo
 - allow localnet grafana_rpm
 - allow google_fonts