When SRBAC is enforced, Keystone allows only system admin to create
resources like user, role, role assignment and etc. With this change
now each provider uses system scope credential to create resources
like user, endpoint and etc.
This change also replaces /etc/keystone/puppet.conf by the yaml file
for openstackclient(/etc/openstack/puppet/admin-clouds.yaml)
This allows us to switch a system scope credential and a project
scope credential, and helps us implement a new provider which requires
project scope, in the future.
Depends-on: https://review.opendev.org/828025
Change-Id: I27eb6b11df593581c94ef0affaf5abb8e333833b