Fix horizon's iptables rules for haproxy when split off a separate role

This should have been fixed via:
https://review.openstack.org/#/c/460175/2

where we did:
service_config_settings:
  haproxy:
    tripleo.horizon.firewall_rules:
     '127 horizon':
        dport:
          - 80
          - 443

The problem is that the above does not work. Reason for this is the way
tripleo::firewall works.  It will only apply iptables rules for that
show up in hiera('service_names'):
    $service_names = hiera('service_names', [])
    tripleo::firewall::service_rules { $service_names: }

And since horizon is not in the service running on the haproxy role, the
above rule would never have been created.

Tested this change and now I correctly get the iptables rules on the
haproxy role for horizon:
[root@overcloud-core-0 ~]# iptables -nvL |grep horizon
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0 0.0.0.0/0            multiport dports 80,443 state NEW /* 127 horizon ipv4 */
[root@overcloud-core-0 ~]# hiera -c /etc/puppet/hiera.yaml service_names |grep horizon
[root@overcloud-core-0 ~]#

Closes-Bug: #1808530

Change-Id: Ia4a795d1a7fb926f5900c739c1932b20d81ed7fc
Co-Authored-By: Damien Ciabrini <dciabrin@redhat.com>
(cherry picked from commit 3114300c9c)
(cherry picked from commit e770e364fb)

puppet/services/horizon.yaml

@@ -166,7 +166,7 @@ outputs:
           service: name=httpd state=stopped
       service_config_settings:
         haproxy:
-          tripleo.horizon.firewall_rules:
+          tripleo.haproxy.firewall_rules:
             '127 horizon':
               dport:
                 - 80