Allow not managing realm roles when they come from external source

Realm roles can come from FreeIPA or some other LDAP. The introduction of the
"roles" parameter and its non-empty default value in commit c60eed9ac9b made the
keycloak_realm's provider try to manage those roles when it should not. Add a
new parameter "manage_roles" to define whether roles should be managed by Puppet
or not.