This commit adds an Ansible remediation to rule sssd_enable_pam_services.

Fixes: ComplianceAsCode#11753

Imrpove the regular expression so that it won't match entries
containing the pam entry. This would lead to duplication
of pam entries if the Playbook is executed twice or multiple times.

This test scenario tests a pass situation if the conf.d directory
is used for configuration.

Resolves this fail on CentOS 7:

34/44 Test #34: ansible-playbook-syntax-check-rhel7 ..............................***Failed    2.69 sec
[WARNING]: provided hosts list is empty, only localhost is available. Note that
the implicit localhost does not match 'all'
ERROR! couldn't resolve module/action 'community.general.ini_file'. This often indicates a misspelling, missing collection, or incorrect module path.

If a services key exists, and contains a compliant line in sssd.conf
which also contains other services, eg. `services = nss,pam`
we shouldn't remove the other services but we should keep them.

The task was updated to ensure that last task is only executed when
there isn't already any definition of "services" in sssd section. Only
this case a new line will be included. This is to avoid removing
existing options from existing configuration.