Use variable instead of group membership to install localhome

Use variable localhome to determines whether the localhome module is installed.
Default: localhome=false

Further changes:
- Move pam-exec from common-auth to common-session
- Move pam-mkhomedir before pam-mount to avoid double login on first use
  on localhome devices

roles/lmn_sssd/templates/sssd.conf.j2

@@ -17,6 +17,6 @@ ad_gpo_access_control = disabled
 ad_gpo_ignore_unreadable = True
 ad_maximum_machine_account_password_age = 0
 ignore_group_members = True
-{% if 'localhome' in group_names %}
+{% if localhome is defined and localhome %}
 override_homedir = /home/%u
 {% endif %}