roles/websites: Set authorized_keys file perms

Because the various "webapp.*" users' home directories are under
`/srv/www`, the default SELinux context type is `httpd_sys_content_t`.
The SSH daemon is not allowed to read files with this label, so it
cannot load the contents of these users' `authorized_keys` files.  To
address this, we have to explicitly set the SELinux type to
`ssh_home_t`.

roles/websites/nratonpass.com/tasks/main.yml

@@ -28,6 +28,13 @@
     key: "{{ nratonpass_publisher_keys|join('\n') }}"
     user: webapp.nratonpass
     exclusive: true
+- name: ensure authorized_keys file permissions are correct
+  file:
+    path: /srv/www/nratonpass.com/.ssh/authorized_keys
+    mode: '0600'
+    owner: webapp.nratonpass
+    group: webapp.nratonpass
+    setype: ssh_home_t
 
 - name: ensure apache is configured to serve nratonpass.com
   copy: