Support sensitive and deferred values where passwords are used

[llowder]

This is dependent on #213

With the introduction of the Deferred type and Sensitive, more people are wanting to use these to be able to secure potentially sensitive data.

However, it is not easy to just mark one piece of data as deferred, then use it in a forge / third party module, since a typed parameter will reject getting a deferred type instead.

I would propose that all parameters that could be reasonably considered sensitive have their typing adjusted to allow for either the current type, or something that was deferred.

The main places would be $keepalived::vrrp::instance::auth_pass , the related $keepalived::vrrp_instance hash, and the templates, such as the vrrp_instance one.

This can be done in a mostly backwards compatible way... but I believe the templates have to be epp to be properly deferred, which makes it breaking unless both are maintained for a while and flag selectable.

[luitzifa]

i don't quite get the backwards-incompatible label on this and the mentioned #213 issue. epp is available since puppet 4 and "sensitive" is available since puppet 5.
This module just dropped support for puppet <6.