Make dnsmasq daemon set optional

Change additional dnsmasq opts:
- Adjust caching size and TTL
- Disable resolve conf to not create loops
- Change dnsPolicy to default (similarly to kubedns's dnsmasq). The
  ClusterFirst should not be used to not create loops
- Disable negative NXDOMAIN replies to be cached
- Make its very installation as optional step (enabled by default).
  If you don't want more than 3 DNS servers, including 1 for K8s, disable
  it.
- Add docs and a drawing to clarify DNS setup.
- Fix stdout logs for dnsmasq/kubedns app configs
- Add missed notifies to resolvconf -u handler
- Fix idempotency of resolvconf head file changes

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>

docs/dns-stack.md

@@ -0,0 +1,21 @@
+K8s DNS stack by Kargo
+======================
+
+Here is an approximate picture of how DNS things working and
+being configured by Kargo ansible playbooks:
+
+![Image](figures/dns.png?raw=true)
+
+Note that an additional dnsmasq daemon set is installed by Kargo
+by default. Kubelet will configure DNS base of all pods to use that
+dnsmasq cluster IP. You can disable it with the ``skip_dnsmasq``
+var. This may be the case, if you're fine with Linux limit of max 3
+nameservers in the ``/etc/resolv.conf``. When skipped and bypassed
+directly to Kubedns's dnsmasq cluster IP, it greatly simplifies things
+by the price of limited nameservers though.
+
+Nameservers are configured in the hosts' ``/etc/resolv.conf`` files
+from the ``nameservers`` (see also ``searchdomains``) vars. While the
+``upstream_dns_servers`` will define additional DNS servers for the
+dnsmasq daemon set running on all hosts (unless bypassed with
+``skip_dnsmasq``).