Add support for always_set_cka_sensitive parameter

Some time ago BarbicanPkcs11AlwaysSetCkaSensitive option was
added to tripleo-heat-templates. change:
If3fa975e8243dfe30ef67ec81db891943a94a9d5

At the same time, it looks like relevant change was not added
to puppet-barbican project. This patch adds missing parameter
to barbican::plugins::p11_crypto class.

Partial-bug: #1916386
Change-Id: Idf9dc70cd68d4e594119efcd2a3c3a0e56621c96

manifests/plugins/p11_crypto.pp

@@ -57,6 +57,11 @@
 #   the PKCS#11 client library.
 #   Defaults to $::os_service_default
 #
+# [*p11_crypto_plugin_always_set_cka_sensitive*]
+#   (optional) Always set CKA_SENSITIVE when generating keys.
+#   In some HSMs extractable keys cannot be marked sensitive.
+#   Defaults to $::os_service_default
+#
 # [*global_default*]
 #   (optional) set plugin as global default
 #   Defaults to false
@@ -81,6 +86,7 @@ class barbican::plugins::p11_crypto (
   $p11_crypto_plugin_hmac_keygen_mechanism    = $::os_service_default,
   $p11_crypto_plugin_aes_gcm_generate_iv      = $::os_service_default,
   $p11_crypto_plugin_os_locking_ok            = $::os_service_default,
+  $p11_crypto_plugin_always_set_cka_sensitive = $::os_service_default,
   $global_default                             = false,
   # DEPRECATED PARAMETERS
   $p11_crypto_plugin_token_label              = undef,
@@ -111,6 +117,7 @@ Use the p11_crypto_plugin_token_labels parameter instead')
     'p11_crypto_plugin/hmac_keygen_mechanism':    value => $p11_crypto_plugin_hmac_keygen_mechanism;
     'p11_crypto_plugin/aes_gcm_generate_iv':      value => $p11_crypto_plugin_aes_gcm_generate_iv;
     'p11_crypto_plugin/os_locking_ok':            value => $p11_crypto_plugin_os_locking_ok;
+    'p11_crypto_plugin/always_set_cka_sensitive': value => $p11_crypto_plugin_always_set_cka_sensitive;
   }
 
   barbican_config {