r/blackbox-exporter: Rework to run as container

Instead of downloading the `blackbox_exporter` binary from GitHub and
copying it to the managed node, the _blackbox-exporter_ role now
installs _podman_ and configures a systemd container unit (Quadlet) to
run it in a container.  This simplifies the deployment considerably, and
will make updating easier (just run the playbook with `-e
blackbox_exporter_pull_image=true`).

roles/blackbox-exporter/templates/blackbox-exporter.container.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description=Blackbox exporter
+Documentation=https://github.com/prometheus/blackbox_exporter/blob/master/README.md
+After=network-online.target
+Wants=network-online.target
+
+[Container]
+Image={{ blackbox_container_image }}
+Pull=never
+Exec=--config.file=/etc/prometheus/blackbox.yml
+Mount=type=bind,source=/etc/prometheus,target=/etc/prometheus,readonly=true
+ReadOnly=yes
+ReadOnlyTmpfs=yes
+NoNewPrivileges=yes
+User=215
+Group=215
+PublishPort=9115:9115
+
+[Service]
+Restart=always
+RestartSec=1s
+ExecReload=/usr/bin/podman kill --cidfile=%t/%N.cid -s HUP