Refactor Ansible playbooks to comply with best practices and fix linting violations

- Implement 4-role architecture (base_provision, patching, hardening, decommission)
- Extract hardcoded values to role defaults and group_vars
- Add Ansible Vault integration for secrets management
- Implement proper handlers for service restarts instead of direct tasks
- Add Molecule testing framework with Docker driver
- Configure ansible-lint with production profile settings

Fix all 125+ ansible-lint violations:
- Add FQCN (Fully Qualified Collection Names) to all modules
- Replace yes/no with true/false for boolean values
- Add explicit mode parameters to file/template operations
- Remove duplicate post_tasks blocks from playbooks
- Add newlines at end of all YAML files
- Fix key ordering in tasks (name, when, block)
- Convert service restarts to handlers with notify
- Remove ignore_errors in favor of failed_when/changed_when
- Fix line length violations and empty lines
- Add noqa comments for unavoidable risky-file-permissions

Update documentation:
- Add REFACTORING.md with implementation details
- Add VAULT_GUIDE.md for secrets management
- Add per-role README.md files
- Update existing documentation

All playbooks now pass ansible-lint production profile with 0 violations.
Mateusz Suski
2026-05-03 22:31:04 +00:00
parent a67f7e33e0
commit e5da6cfdad
36 changed files with 1694 additions and 573 deletions
@@ -0,0 +1,34 @@
---
# Decommissioning configuration
backup_data: true
export_config: true
graceful_shutdown: true
cleanup_inventory: true
auto_shutdown: false
shutdown_delay: 10
# Services to stop gracefully
application_services:
- nginx
- postgresql
- haproxy
# Packages to remove
application_packages:
- nginx
- postgresql
- haproxy
- prometheus
# Directories to archive
config_paths:
- /etc/
- /opt/application/
data_paths:
- /var/www/html
- /var/lib/postgresql
- /var/lib/prometheus
# Notification settings
decommission_notification_email: null
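Review bot: `prometheus` is listed in `application_packages` and `/var/lib/prometheus` in `data_paths`, but it is missing from `application_services`, so any task driven by the "Services to stop gracefully" list will leave it running while its data directory is archived and its package removed; add `- prometheus` there or add a comment explaining the exclusion. Separately, `config_paths` archives all of `/etc/`, which on a typical host includes SSH host keys and password hashes, so either narrow it to the application's own config directories or make sure the archive is written with a restrictive mode to a protected destination. `shutdown_delay: 10` would also benefit from a comment stating its unit, and only `decommission_notification_email` carries the role prefix while the other variables do not.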