fix(virtualization): add no_log and secure temp file handling to libvirt cloud-init

roles/virtualization/tasks/libvirt.yml

@@ -44,10 +44,11 @@
   ansible.builtin.template:
     src: "{{ item.src }}"
     dest: /tmp/{{ item.dest_prefix }}-{{ hostname }}.yml
-    mode: "0644"
+    mode: "0600"
   loop:
     - { src: cloud-user-data.yml.j2, dest_prefix: cloud-user-data }
     - { src: cloud-network-config.yml.j2, dest_prefix: cloud-network-config }
+  no_log: true
 
 - name: Create cloud-init disk
   delegate_to: localhost
@@ -60,6 +61,15 @@
       - "/tmp/cloud-network-config-{{ hostname }}.yml"
     creates: "{{ virtualization_libvirt_cloudinit_path }}"
 
+- name: Remove cloud-init temp files
+  delegate_to: localhost
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - /tmp/cloud-user-data-{{ hostname }}.yml
+    - /tmp/cloud-network-config-{{ hostname }}.yml
+
 # uri defaults to qemu:///system (local libvirtd)
 - name: Create VM using libvirt
   delegate_to: localhost