Enable response validation in Keystone

Unlike other projects, Keystone was previously enabling validation for
all responses. This is a bad idea (TM). Quoting from the Keystone docs
for the new '[api] response_validation' option added in [1]:

  'warn' is the current recommendation for production environments. If
  you find it necessary to enable the 'ignore' option, please report the
  issues you are seeing to the Keystone team so we can improve our
  schemas.

  'error' should not be used in a production environment. This is
  because schema validation happens *after* the response body has been
  generated, meaning any side effects will still happen and the call may
  be non-idempotent despite the user receiving a HTTP 500 error.

DevStack is not used for production environments and is instead the
test harness used for the bulk of our integration testing. We *do* want
failed response validation to result in an error, since it will
highlight bugs in our schemas. Thus, we should override the default
value for this option.

[1] https://review.opendev.org/c/openstack/keystone/+/962851

Change-Id: I9fc2c5dce9511165ad2c1ab18db5eb439d357d9b
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Related-bug: #2126676
This commit is contained in:
Stephen Finucane
2025-10-02 17:48:03 +01:00
parent b0146a2d97
commit 1c86258e6b

@@ -195,6 +195,10 @@ function configure_keystone {
iniset $KEYSTONE_CONF cache backend $CACHE_BACKEND
iniset $KEYSTONE_CONF cache memcache_servers $MEMCACHE_SERVERS
# Enable errors if response validation fails. We want this enabled in CI
# and development contexts to highlights bugs in our response schemas.
iniset $KEYSTONE_CONF api response_validation error
iniset_rpc_backend keystone $KEYSTONE_CONF oslo_messaging_notifications
local service_port=$KEYSTONE_SERVICE_PORT
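
Review bot: the new `iniset $KEYSTONE_CONF api response_validation error` line in configure_keystone hardcodes the value, so a job that trips over a schema bug gets HTTP 500s with no dedicated variable to drop back to `warn` while the schema is being fixed. Consider reading the value from a DevStack variable that defaults to `error` (for example a hypothetical `KEYSTONE_RESPONSE_VALIDATION`), which keeps the CI default this change wants and still leaves an override. The comment above the line also has a typo: "to highlights bugs" should read "to highlight bugs".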