Add support for using ipsets as sources in a zone

I wanted to be able to add an ipset as a source in the zone without using a rich rule.  I believe this change accomplishes that.  Tested and working on CentOS 7 (salt master and minion).

firewalld/files/zone.xml

@@ -23,6 +23,16 @@
     {%- endif %}
   {%- endfor %}
 {%- endif %}
+{%- if 'ipsets' in zone %}
+  {%- for v in zone.ipsets %}
+    {%- if 'comment' in v %}
+  <!-- {{ v.comment }} -->
+  <source ipset="{{ v.ipset }}" />
+    {%- else %}
+  <source ipset="{{ v }}" />
+    {%- endif %}
+  {%- endfor %}
+{%- endif %}
 {%- if 'services' in zone %}
   {%- for v in zone.services %}
   <service name="{{ v }}" />