Reorgs prepare servers logic

Pulls in the apt-without-redirects logic to mitigate CVE-2019-3462
that was previously placed in the install-fpf-repo role.
Since we already the logic declared, we need not run it twice.

install_files/ansible-base/roles/install-fpf-repo/tasks/main.yml

@@ -1,6 +1,4 @@
 ---
-- include: upgrade_apt.yml
-
 - name: Install SecureDrop apt repo GPG signing key.
   apt_key:
     state: present

install_files/ansible-base/roles/prepare-servers/tasks/install_ansible_dependencies.yml

@@ -0,0 +1,6 @@
+---
+# Ansible assumes that python2 is installed, and it isn't be default
+# under Ubuntu Xenial, so we'll make sure to pull it in.
+# We use the "raw" module because any other module requires python2.
+- name: Installs prereqs for Ansible and securedrop-admin
+  raw: sudo apt-get -y install python apt-transport-https dnsutils

install_files/ansible-base/roles/prepare-servers/tasks/main.yml

@@ -1,11 +1,4 @@
 ---
-# Ensures that prequisite packages for anssible and securedrop-admin install
-# are present
- - name: 'Ensure apt has been safely updated wrt. CVE-2019-3462'
-   raw: 'apt -o Acquire::http::AllowRedirect=false update &&
-    apt -o Acquire::http::AllowRedirect=false --only-upgrade -y install apt'
- - name: 'run apt update'
-   raw: 'sudo apt -o update'
- - name: 'install packages'
-   raw: 'sudo apt-get -y install python apt-transport-https dnsutils'
+- include: upgrade_apt.yml
 
+- include: install_ansible_dependencies.yml