Make all mysql root users managed during stack creation/update

In non-HA deployments (undercloud and standalone) puppet-mysql
handles password for user 'root@localhost' [1], but it doesn't
try to update 'root@%'.
Instantiate the appropriate resource to fix the management of
that mysql user.

Closes-Bug: #1867186

[1] https://github.com/puppetlabs/puppetlabs-mysql/blob/master/manifests/server/root_password.pp

Change-Id: I5bb1c23f5fbe7e6fd28537aef4fbfc1be5950dcc
(cherry picked from commit 7ee97845dd)

manifests/profile/base/database/mysql.pp

@@ -205,6 +205,15 @@ class tripleo::profile::base::database::mysql (
 
   if $step >= 2 and $sync_db {
     Class['::mysql::server'] -> Mysql_database<||>
+    if ($manage_resources) {
+      # the mysql module handles password for user 'root@localhost', but it
+      # doesn't modify 'root@%'. So make sure this user password is managed
+      # as well by creating a resource appropriately.
+      mysql_user { 'root@%':
+        ensure        => present,
+        password_hash => mysql_password(hiera('mysql::server::root_password')),
+      }
+    }
     if hiera('aodh_api_enabled', false) {
       include ::aodh::db::mysql
     }