Epic
Resolution: Won't Do
[RFE] Support System Role Assignments
Description of problem:
HEAT stack does not support the keystone keyword 'system' in user roles.
In the OSP docs we see that we can assign system roles to users:
In the Keystone heat templates I only found an option to assign a role to a user, along with either project or domain (no system option).
https://docs.openstack.org/heat/latest/template_guide/openstack.html#OS::Keystone::Role
'...Roles can be granted at either the domain or project level...'
There should be a way to create a heat template which assigns system user roles as well.
Version-Release number of selected component (if applicable):
17
How reproducible:
100%
Steps to Reproduce:
1. Run the yaml/template file mentioned below with the command:
`openstack stack create -t <yaml_file> my_roles`
Actual results:
Error:
heat.common.exception.StackValidationFailed: Property error: resources.system_reader.properties.roles[0]: Unknown Property system
Expected results:
Heat engine accepts the mentioned template and creates the resources.
Additional info:
Here is a short version of the heat template I use:
```
---
heat_template_version: rocky
description: All resources which are required to deploy for the Secure RBAC test plan
parameters:
resources:
  # Users
  system_reader:
    type: OS::Keystone::User
    properties:
      name: system_reader
      password: testerpass
      roles: [ {"system": all, "role": reader}]
```
In the 'roles' value, using 'project' or 'domain' as keywords works, but 'system' doesn't.
The CLI also accepts "--system all" as an argument when running:
`openstack role add reader --user reader --system all`
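
As an added example (not part of the original report and not Heat code), a pre-flight check that walks a loaded template, flags `roles` entries using scope keys other than `project` or `domain`, and emits the equivalent `openstack role add ... --system ...` command for system-scoped entries. The names `split_role_assignments` and `HEAT_SCOPES` and the `project_member` resource are hypothetical; the template is assumed to be already parsed into a dict.

```python
import shlex

# Scope keys the report says work in 'roles'; 'system' is rejected by Heat.
HEAT_SCOPES = {"project", "domain"}

# Constructed sample: the template from this report as a parsed dict (password
# omitted), plus one hypothetical project-scoped user for contrast.
TEMPLATE = {
    "heat_template_version": "rocky",
    "resources": {
        "system_reader": {
            "type": "OS::Keystone::User",
            "properties": {"name": "system_reader",
                           "roles": [{"system": "all", "role": "reader"}]},
        },
        "project_member": {
            "type": "OS::Keystone::User",
            "properties": {"name": "project_member",
                           "roles": [{"project": "demo", "role": "member"}]},
        },
    },
}


def split_role_assignments(template):
    """Return (findings, cli_commands) for role entries Heat will not validate."""
    findings, commands = [], []
    for res_name, res in (template.get("resources") or {}).items():
        if not isinstance(res, dict) or res.get("type") != "OS::Keystone::User":
            continue
        props = res.get("properties") or {}
        user = props.get("name")  # no command is built without an explicit name
        for idx, entry in enumerate(props.get("roles") or []):
            unknown = sorted(set(entry) - HEAT_SCOPES - {"role"})
            if not unknown:
                continue
            findings.append(f"resources.{res_name}.properties.roles[{idx}]: {', '.join(unknown)}")
            # Only a pure system-scoped entry maps onto the CLI form from the report.
            if unknown == ["system"] and user and "role" in entry:
                commands.append(shlex.join([
                    "openstack", "role", "add", str(entry["role"]),
                    "--user", str(user), "--system", str(entry["system"])]))
    return findings, commands


if __name__ == "__main__":
    findings, commands = split_role_assignments(TEMPLATE)
    print("\n".join(findings + commands))
```
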