Add `matrix_user_shell` and default it to `/sbin/nologin`

This is a backward-incompatible change. By default, Ansible creates
users with (e.g.) `/bin/sh` on Linux, so changing to a no shell
leads to different behavior.

That said, it appears that using a shell-less user works OK with regard
to Ansible execution and starting the systemd services/containers later on.

roles/custom/matrix-base/defaults/main.yml

@@ -177,6 +177,8 @@ matrix_container_global_registry_prefix_override: ""
 
 matrix_user_name: "matrix"
 matrix_user_system: true
+matrix_user_shell: /sbin/nologin
+
 matrix_group_name: "matrix"
 matrix_group_system: true
 

roles/custom/matrix-base/tasks/setup_matrix_user.yml

@@ -22,6 +22,7 @@
     home: "{{ matrix_base_data_path }}"
     create_home: false
     system: "{{ matrix_user_system }}"
+    shell: "{{ matrix_user_shell }}"
   register: matrix_user
 
 - name: Initialize matrix_user_uid and matrix_user_gid