fix: EL10 PAM and crypto readiness via authselect profile and DEFAULT policy

roles/global_defaults/tasks/main.yml

@@ -61,6 +61,12 @@
   ansible.builtin.set_fact:
     os_version_major: "{{ (os_version | string).split('.')[0] }}"
 
+# EL>=10 and Fedora dropped the static /etc/pam.d/system-auth shipped by pam;
+# the PAM stack is generated by authselect and absent until a profile is selected.
+- name: Flag authselect-managed PAM stacks
+  ansible.builtin.set_fact:
+    is_authselect: "{{ is_rhel | bool and (os_version_major | default('0') | int) >= 10 }}"
+
 - name: Set chroot command wrapper
   ansible.builtin.set_fact:
     chroot_command: >-