roles/certbot: Run periodically as certbot user

The default systemd unit configuration for *certbot-renew.service* runs
the `certbot renew …` command as root. This can cause permissions
issues, since this Ansible role expects the *certbot* user to be able to
access all configuration, data, and log files. As such, this commit adds
a systemd unit extension for *certbot-renew.service* to run the command
as *certbot*.

roles/certbot/files/certbot-renew-runas.service

@@ -0,0 +1,3 @@
+[Service]
+User=certbot
+Group=certbot