scap: change targets to Puppet dsh group

dsh_targets is resolved to a file local to the repository and fallback to /etc/dsh/group on the deployment server. Adding or removing targets is done in Puppet and maintaining a list of hosts in the deployment repository needs an extra step to keep the list in sync.

I have pushed a couple changes to have Puppet to automatically populate the dsh groups based on hosts having the associated scap::target resource.

For jenkins-rel:

https://gerrit.wikimedia.org/r/c/operations/puppet/+/893485

On the deployment server, /etc/dsh/groups/jenkins-rel has:

releases1002.eqiad.wmnet
releases2002.codfw.wmnet

This let us remove the local jenkins_rel file and change the dsh_targets to jenkins-rel which will use the above file. Move it under [wmnet] section since that is production specific.

For jenkins-ci

https://gerrit.wikimedia.org/r/c/operations/puppet/+/893484 is pending, once merged that will empty up the list of hosts preventing any deployment. The deployment server /etc/dsh/groups/jenkins-ci has:

contint1002.wikimedia.org
contint2001.wikimedia.org
contint2002.wikimedia.org

To prevent a faulty deployment, keep the transient no_targets and copy it to the production specific [wmnet] section. Once the Puppet patch has merged, the file will be empty and we can then replace the target with the commented out dsh_targets: jenkins-ci.