samba-dc: Install dch-selinux

The *dch-selinux* package contains a SELinux policy module for Samba AD
DC.  This policy defines a `samba_t` domain for the `samba` process.
While the domain is (currently) unconfined, it is necessary in order to
provide a domain transition rule for `winbindd`.  Without this rule,
`winbindd` would run in `unconfined_service_t`, which causes its IPC
pipe files to be incorrectly labelled, preventing other confined
services like `sshd` from accessing them.

samba-dc.yml

@@ -2,6 +2,7 @@
   serial: 1
   roles:
   - kerberos
+  - dch-selinux
   - samba-dc
   tasks:
   - name: set samba configuration facts