Add validation for HSM password availability

Add early validation to fail with a descriptive error message when the
HSM password (cifmw_hsm_password) is neither defined as a variable nor
available in the Zuul secrets file.

This addresses the scenario where both conditions are unmet:
- cifmw_hsm_password is not defined in the job configuration
- The secrets file /var/tmp/qe-secrets/proteccio_pin.yaml does not exist

Previously, this would cause the playbook to continue and fail later
with an unhelpful "cifmw_hsm_password is undefined" error. Now it fails
early with a clear message explaining the two options to resolve it.

Signed-off-by: Mauricio Harley <[email protected]>

Author: Mauricio Harley

hooks/playbooks/barbican-prepare-proteccio.yml

@@ -24,6 +24,16 @@
           ansible.builtin.set_fact:
             cifmw_hsm_password: "{{ _proteccio_pin_data.rdu2Pin }}"
 
+    - name: Fail if HSM password is not available
+      when: cifmw_hsm_password is not defined
+      ansible.builtin.fail:
+        msg: >-
+          The HSM password (cifmw_hsm_password) is not defined and could not
+          be loaded from the secrets file at /var/tmp/qe-secrets/proteccio_pin.yaml.
+          Please ensure either:
+          1. The variable cifmw_hsm_password is set in your job configuration, or
+          2. The Zuul secret file exists (created by qe-creds-crc.yaml pre-run playbook)
+
     - name: Check out the role Git repository
       ansible.builtin.git:
         dest: "./rhoso_proteccio_hsm"