docs(roles): explain what haveged/libmaxminddb/qemu_guest_agent actually do

The READMEs of these three roles only said "installs <tool>" plus a
link to upstream. For Linux System Engineers who haven't run into
the tool before, that's not enough to decide whether they need it.

Add a short paragraph to each README explaining what the tool is and
when you'd typically use it:

* haveged: userspace entropy daemon, mostly relevant on headless VMs
  and older systems; mostly redundant on modern kernels with
  getrandom() + virtio-rng.
* libmaxminddb: C library that reads MaxMind .mmdb GeoIP databases;
  required at runtime by mod_maxminddb and other consumers.
* qemu_guest_agent: virtio-serial daemon that lets the hypervisor
  trigger graceful shutdown, filesystem freeze/thaw for snapshots,
  and query guest hostname/IP/network info.

Author: markuslf

CHANGELOG.md

@@ -63,6 +63,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
 
 * **role:freeipa_client**: Add `meta/argument_specs.yml`. No behaviour change.
+* **role:haveged, role:libmaxminddb, role:qemu_guest_agent**: README now also explains *what* the underlying tool actually does and when you'd want it (entropy daemon, MaxMind GeoIP reader library, hypervisor-to-guest communication channel) instead of just linking out.
 * **COMPATIBILITY**: `at`, `haveged`, `mod_maxminddb` and `qemu_guest_agent` are now expected to work on Debian 12 / 13 and Ubuntu 22.04 / 24.04 / 26.04 (marked `(x)`: code-reviewed, untested in production).
 * **role:hostname, role:kdump, role:timezone**: Add `meta/argument_specs.yml` so Ansible validates the role variables (types, choices) at role entry. No behaviour change.
 * **role:libmaxminddb, role:mod_maxminddb**: Add `meta/argument_specs.yml`. No behaviour change.

roles/haveged/README.md

@@ -1,6 +1,6 @@
 # Ansible Role linuxfabrik.lfops.haveged
 
-This role installs [haveged](https://github.com/jirka-h/haveged).
+This role installs [haveged](https://github.com/jirka-h/haveged), a userspace entropy daemon. It feeds the kernel's random pool from CPU timing jitter (the HAVEGE algorithm), which is mostly useful on headless VMs and older systems where `/dev/random` would otherwise block during early boot or under heavy crypto load. Modern Linux kernels (5.x+) usually have enough entropy from `getrandom()` plus virtio-rng, so `haveged` is more of a safety net than a hard requirement.
 
 
 ## Tags

roles/libmaxminddb/README.md

@@ -1,6 +1,6 @@
 # Ansible Role linuxfabrik.lfops.libmaxminddb
 
-This role downloads, compiles and installs [libmaxminddb](https://github.com/maxmind/libmaxminddb/).
+This role downloads, compiles and installs [libmaxminddb](https://github.com/maxmind/libmaxminddb/), the C library that reads MaxMind's binary GeoIP database files (`.mmdb`). It is the runtime dependency for any application that wants to look up an IP address against the GeoLite2 / GeoIP2 databases (web servers via `mod_maxminddb`, custom code via the C API, Python bindings via `python-maxminddb`, ...).
 
 For Maxmind, depending on your needs, you normally run three playbooks in this particular order:
 

roles/qemu_guest_agent/README.md

@@ -1,6 +1,6 @@
 # Ansible Role linuxfabrik.lfops.qemu_guest_agent
 
-This role installs the [QEMU Guest Agent](https://wiki.qemu.org/Features/GuestAgent/) for the generic and open source machine emulator and virtualizer.
+This role installs the [QEMU Guest Agent](https://wiki.qemu.org/Features/GuestAgent/) inside a KVM/QEMU guest. The agent runs as a daemon (`qemu-guest-agent.service`) and exposes a virtio-serial channel that the hypervisor uses for things the host can't otherwise observe: graceful shutdown, filesystem freeze/thaw for consistent disk snapshots, host-side queries for guest hostname/IP/network info, and time synchronization after a host suspend. Without the agent, hypervisor-side actions like `virsh shutdown`, snapshot quiescing or `virsh domifaddr` either fall back to ACPI (less reliable) or simply don't return useful data.
 
 
 ## Tags