Add simplified PostgreSQL infrastructure role for database services

- Provides PostgreSQL server as shared database infrastructure
- Follows KISS principle with only essential configuration (11 variables vs 45 originally)
- Implements maximum security with Unix socket-only superuser access
- Uses scram-sha-256 authentication for application users
- Includes SystemD security hardening
- Applications manage their own databases/users via this infrastructure
- Production-ready with data checksums and localhost-only access

roles/postgresql/templates/systemd-override.conf.j2

@@ -0,0 +1,26 @@
+# PostgreSQL SystemD Security Override - Rick-Infra Simplified
+# Generated by Ansible PostgreSQL role
+
+[Service]
+# Essential Security Restrictions
+NoNewPrivileges=true
+PrivateTmp=true
+PrivateDevices=true
+ProtectHome=true
+ProtectSystem=strict
+ProtectKernelTunables=true
+ProtectKernelModules=true
+RestrictRealtime=true
+LockPersonality=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+
+# File System Access (PostgreSQL standard paths)
+ReadWritePaths=/var/lib/postgres
+
+# Network Security (localhost only)
+{% if postgresql_listen_addresses == "localhost" %}
+IPAddressDeny=any
+IPAddressAllow=localhost
+{% endif %}
+
+# Rick-Infra: Essential security hardening only