roles/named: Add allow-update block to named.conf

The `allow-update` block in `named.conf` enumerates the hosts/networks
that are allowed to issue dynamic DNS updates. This is required in
Active Directory and other environments where clients and/or DHCP
servers create DNS records automatically.

By default, the block is omitted from the generated configuration file.
The `named_allow_update` variable can be set to a list of patterns (e.g.
CIDR blocks, ACL names, etc.) to populate it.

roles/named/templates/named.conf.j2

@@ -23,6 +23,14 @@ options {
 		{{ match }};
 {% endfor %}
 	};
+{% if named_allow_update %}
+
+	allow-update {
+{% for match in named_allow_update %}
+		{{ match }};
+{% endfor %}
+	};
+{% endif %}
 
 	recursion {{ yesno(named_recursion) }};