Use cryptography backend for openssh_keypair

With default "auto" backend, opensshbin is first pick, which fails
to read a key in case of insecure permissions. This makes task fail
in case private key in topic has mode different from 0600, even if
different mode specified for the module itself [1].

Along with switching backend we also adding mode key to be supported

[1] ansible-collections/community.crypto#564
Change-Id: I9444ef832136783bde1eff5425e4cd369f905a5c

roles/ssh_keypairs/tasks/standalone/create_keypair.yml

@@ -28,6 +28,8 @@
           size: "{{ kp.size | default(omit) }}"
           type: "{{ kp.type | default(omit) }}"
           path: "{{ kp_dir ~ '/' ~ kp['name'] }}"
+          mode: "{{ kp.mode | default(omit) }}"
+          backend: cryptography
         register: kp_keys
 
       - name: Generate an OpenSSH user certificate for {{ kp['name'] }}