Enforce ansible-lint

I ran ansible-lint on our apps role and found that, next to cosmetics, ansible-lint found a few nasty things like the pipefail issue, which prevented us to recognize that cert-manager was not deployed fine. We should either created a gitlab-ci job or enforce ourselves to do pre-commit linting (which is a good idea anyhow).

❯ ansible-lint ansible/roles/apps
[301] Commands should not change things if nothing needs doing
/home/varac/projects/work/greenhost/openappstack/ansible/roles/apps/tasks/cert-manager.yml:2
Task/Handler: Install CRDs for cert-manager

[204] Lines should be no longer than 160 chars
/home/varac/projects/work/greenhost/openappstack/ansible/roles/apps/tasks/cert-manager.yml:5
  command: '/snap/bin/kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-{{ cert_manager.crd_version }}/deploy/manifests/00-crds.yaml'

[301] Commands should not change things if nothing needs doing
/home/varac/projects/work/greenhost/openappstack/ansible/roles/apps/tasks/cert-manager.yml:7
Task/Handler: Prevent validation deadlock for cert-manager

[301] Commands should not change things if nothing needs doing
/home/varac/projects/work/greenhost/openappstack/ansible/roles/apps/tasks/cert-manager.yml:43
Task/Handler: Apply cert-manager helmfile

[306] Shells that use pipes should set the pipefail option
/home/varac/projects/work/greenhost/openappstack/ansible/roles/apps/tasks/helmfiles.yml:18
Task/Handler: Apply helmfiles

[306] Shells that use pipes should set the pipefail option
/home/varac/projects/work/greenhost/openappstack/ansible/roles/apps/tasks/init.yml:67
Task/Handler: Remove failed helm deployments

[602] Don't compare to empty string
/home/varac/projects/work/greenhost/openappstack/ansible/roles/apps/tasks/init.yml:71
  when: helm_failed_deployments.stdout != ""