The https://github.com/linux-system-roles/podman/blob/main/tasks/create_update_kube_spec.yml#L2 user lingering stuff needs to be done before creating any secrets for a rootless user, and needs to be removed when the last user secret is removed.

For the creation, we can probably just copy the block of code and put it near the top of handle_secrets after we know the user.

The removal is a bit tricky. We need to know when the last secret is removed, and we need to coordinate the linger removal with https://github.com/linux-system-roles/podman/blob/main/tasks/cleanup_kube_spec.yml#L50 and https://github.com/linux-system-roles/podman/blob/main/tasks/cleanup_quadlet_spec.yml#L75 - maybe something like this:

```
main
__podman_cancel_user_linger: {} # set of users to check if can cancel linger
for secret in secrets
handle_secret
if rootless
if removing
__podman_cancel_user_linger[username] = true
else
if not lingering then enable lingering
__podman_cancel_user_linger[username] = false # possibly deleted one secret and added another
```
similar logic for kube specs and quadlets - set user to `true` or `false` in __podman_cancel_user_linger
then, at the end of tasks/main.yml
```
for username in __podman_cancel_user_linger.keys() if __podman_cancel_user_linger[username]
get secrets for user
if any secrets
continue # try next user
get containers for user
if any containers
continue
get volumes for user
if any volumes
continue
get networks for user
if any networks
continue

1. if we got here, there are no resources in use for username
   cancel linger for username
   __podman_cancel_user_linger: {} # erase
   ```