feat(shepherd): Add auto update shepherd role

Deprecates diun as it provides a simpler implementation for docker
swarm. Mark any containers you want auto updated with
`shepherd.autoupdate=true` and the rest with
`shepherd.autoupdate=false`. Everything untagged will not be watched (by
default), though this can be changed by setting the ansible default
variable `shepherd_filter_services: `.

roles/shepherd/templates/docker-stack.yml.j2

@@ -0,0 +1,52 @@
+version: '3.4'
+
+services:
+  app:
+    image: "{{ stack_image }}:{{ shepherd_version }}"
+    # healthcheck:
+    #   test: ["CMD", "wget", "--spider", "-q", "127.0.0.1"]
+    #   interval: 1m
+    #   timeout: 10s
+    #   retries: 3
+    #   start_period: 1m
+    command: serve
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock"
+    environment:
+      - "TZ={{ shepherd_tz }}"
+      - "SLEEP_TIME={{ shepherd_sleeptime }}"
+      - "IGNORELIST_SERVICES={{ shepherd_ignored_services }}"
+{% if shepherd_filter_services is defined and not None %}
+      - "FILTER_SERVICES={{ shepherd_filter_services }}"
+{% endif %}
+      - "ROLLBACK_ON_FAILURE={{ shepherd_rollback_on_failure }}"
+      - "IMAGE_AUTOCLEAN_LIMIT={{ shepherd_image_autoclean_limit }}"
+      - "VERBOSE=true"
+{% if shepherd_notification_targets is defined and not None %}
+      - "APPRISE_SIDECAR_URL: notify:5000"
+{% endif %}
+    networks:
+      - backend
+    deploy:
+      mode: replicated
+      replicas: 1
+      placement:
+        constraints:
+          - node.role == manager
+
+{% if shepherd_notification_targets is defined and not None %}
+  notify:
+    image: mazzolino/apprise-microservice:latest
+    environment:
+      NOTIFICATION_URLS: {{ shepherd_notification_targets }}
+    networks:
+      - backend
+{% endif %}
+
+volumes:
+  data:
+
+networks:
+  "{{ docker_swarm_public_network_name }}":
+    external: true
+  backend: