Switch our haproxy image to quay opendevmirror location

This will pull the haproxy:lts image from the mirror we have at
quay.io/opendevmirror/haproxy rather than docker hub directly. This
should improve reliability in CI in particular when pulling that image.
One fewer image to pull from docker hub also means more rate limit to
spend where we are still pulling from docker hub.

Note this will affect the gitea and zuul web front ends as they are both
fronted by haproxy. Expect a minor blip while the container "updates"
(hashes should match) and is restarted.

Change-Id: Ic242ea3975ada1c7a698be8e41b9c5c8f8d07ed3

playbooks/roles/haproxy/templates/docker-compose.yaml.j2

@@ -5,7 +5,7 @@ version: '2'
 services:
   haproxy:
     restart: always
-    image: docker.io/library/haproxy:lts
+    image: quay.io/opendevmirror/haproxy:lts
     # NOTE(ianw) 2021-05-17 : haproxy >= 2.4 runs as a non-privileged
     # user.  The main problem here is we use host networking, so the
     # haproxy user is not allowed to bind to low ports (80/443).  The

zuul.d/system-config-run.yaml

@@ -1032,6 +1032,7 @@
       - inventory/service/group_vars/zookeeper.yaml
       - inventory/service/host_vars/zk\d+
       - inventory/service/host_vars/zuul02.opendev.org
+      - playbooks/roles/haproxy/
       - playbooks/roles/mariadb/
       - playbooks/roles/zookeeper/
       - playbooks/roles/install-apt-repo/