Refactor tinc key management
Currently the "tinc" Ansible role is possibly the last remaining case where we're using facts from other hosts: this can represent a problem if those other hosts are unreachable, and it's generally undesirable as it increases the complexity of the Ansible side of things.
Instead, we should treat it as another PKI (like the internal x509 one), and store the public keys on the controlling host, in the credentials repository.