Update Keystone token param (and use PKI instead of UUID)

token_format is now deprecated, and we change now PKI to be able
to revoke certs.
Note: keystone.token.providers.pki.Provider is the default option
upstream

Close: GH-75

manifests/identity.pp

@@ -399,7 +399,7 @@ class cloud::identity (
     memcache_servers => $memcache_servers,
     sql_connection   => "mysql://${encoded_user}:${encoded_password}@${keystone_db_host}/keystone",
     token_driver     => 'keystone.token.backends.memcache.Token',
-    token_format     => 'UUID',
+    token_provider   => 'keystone.token.providers.pki.Provider',
     use_syslog       => true,
     verbose          => $verbose,
     bind_host        => $api_eth,