TLS everywhere: the haproxy service wrongly requests certificates for all networks

Similar to https://bugs.launchpad.net/tripleo/+bug/1811207.

We currently loop through all enabled networks for the entire stack to determine the list of networks for haproxy:

  HAProxyNetworks:
    type: OS::Heat::Value
    properties:
      value:
        # NOTE(jaosorior) Get unique network names to create
        # certificates for those. We skip the tenant network since
        # we don't need a certificate for that, and the external
        # network will be handled in another template.
        - ctlplane
{%- for network in networks if network.vip|default(false) %}
  {%- if network.name_lower != 'external' and network.name_lower != 'tenant' %}
        - {{network.name_lower}}
  {%- endif %}
{%- endfor %}

Then later create a certificate spec for each of these networks.

This works by coincedence on the Controller role since all of these networks are enabled. However if any of these networks were disable, or if HAProxy is used for any other roles that do not enable all networks (such as DistributedComputeScaleOut) then the deployment fails with:

message: 'Could not evaluate: Could not get certificate: Server at https://freeipa.example.com/ipa/xml
    denied our request, giving up: 3007 (RPC failed at server. ''fqdn'' is required).'
  source: "/Stage[main]/Tripleo::Profile::Base::Certmonger_user/Tripleo::Certmonger::Haproxy[haproxy-storage_mgmt]/Certmonger_certificate[haproxy-storage_mgmt-cert]"