Upgrade to Ansible 2.7.8 #4535
Conversation
ci check this
/lgtm
You need to upgrade the version in README and in pre checks too
Good point @woopstar I forgot about that. It should be fixed in the latest commit.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Miouge1, woopstar The full list of commands accepted by this bot can be found here. The pull request process is described here
This PR has the unfortunate side effect that the version of Ansible in Debian Buster is not sufficient: It is only Requiring an updated version of Ansible for some required functionality is IMHO okay, but for security? IMHO please not.
Security is the first reason why someone should update some software. If Debian Buster is backporting some CVE to older versions we cannot work with that; as we see now, the latest Ansible in 2.7.x is actually v2.7.12, so reverting to allow 2.7.7 would be insane. If we revert to 2.7.7 it's only Debian which has this version, and other OSes are vulnerable because they don't backport CVEs but release new versions.
What type of PR is this?
/kind bug
What this PR does / why we need it:
The Ansible fetch module before versions 2.5.15, 2.6.14 and 2.7.8 has a path traversal vulnerability: because an absolute remote path is not restricted, a fetch can copy and overwrite files outside the specified destination on the local Ansible controller host.
See https://nvd.nist.gov/vuln/detail/CVE-2019-3828
Special notes for your reviewer:
Does this PR introduce a user-facing change?: