Enhance security options for user creation

Bug #1763081 reported by Joseph Davis
Affects | Status | Importance | Assigned to | Milestone
rpm-packaging | New | Undecided | Unassigned |

Bug Description

We have observed that the rpm-packaging macro %openstack_pre_user_group_create is a convenient wrapper around useradd for creating users. And having the default shell specified as /sbin/nologin is good. But our security guru has noted that there is further hardening we could do with these service user accounts.

Some service users do not need a home directory created, and could have '/nonexistent' specified as the home directory. There is currently no option for that, and all users have a home created in %{sharedstatedir}/username for Fedora or %{_localstatedir}/lib/username for SUSE, whether it is used or not.

I have also observed that the user home created by useradd defaults to 755 permissions. For hardening purposes it should default to 750, or have an option to specify further restrictions.
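
One way to audit existing service accounts for the points raised in the description (login shell, home directory, home permissions). This is an added example, not code from the bug report or from rpm-packaging; the function name audit_service_homes, the sample accounts and the passwd-format file are constructed, and GNU stat is assumed.

```shell
#!/bin/sh
# Usage: audit_service_homes PASSWD_FILE USER...
# Prints one "<user>: <finding>" line per issue; silent for hardened accounts.
audit_service_homes() {
    passwd_file=$1; shift
    for want in "$@"; do
        # passwd(5) fields: name:password:UID:GID:GECOS:home:shell
        entry=$(grep "^${want}:" "$passwd_file") || { echo "$want: no such account"; continue; }
        home=$(printf '%s\n' "$entry" | cut -d: -f6)
        shell=$(printf '%s\n' "$entry" | cut -d: -f7)
        [ "$shell" = /sbin/nologin ] || echo "$want: login shell is $shell, expected /sbin/nologin"
        # /nonexistent (or any missing path) means there is no home to protect.
        [ -d "$home" ] || continue
        mode=$(stat -c '%a' "$home")    # GNU stat: octal mode such as 755
        # 027 masks group-write plus all "other" bits, i.e. anything beyond 750.
        if [ $(( 0$mode & 027 )) -ne 0 ]; then
            echo "$want: home $home has mode $mode, looser than 750"
        fi
    done
}

# Constructed sample data: throwaway homes and a passwd-format file.
demo=$(mktemp -d)
mkdir "$demo/nova" "$demo/glance"
chmod 755 "$demo/nova"      # the useradd default noted in the report
chmod 750 "$demo/glance"    # the default the report asks for
cat > "$demo/passwd" <<EOF
nova:x:990:990:constructed:$demo/nova:/sbin/nologin
glance:x:991:991:constructed:$demo/glance:/sbin/nologin
cinder:x:992:992:constructed:/nonexistent:/sbin/nologin
EOF
audit_service_homes "$demo/passwd" nova glance cinder
rm -rf "$demo"
```

On a real host, pass /etc/passwd and the service account names to check.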
