better error for bad module options (#52726)

also document clearly inline vaults don't work on 'options'
  fixes #52707

changelogs/fragments/better_json_option_error.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - handle option json errors more gracefully, also document options are not vaultable.

docs/docsite/rst/user_guide/playbooks_vault.rst

@@ -126,6 +126,8 @@ To create a vaulted variable, use the :ref:`ansible-vault encrypt_string <ansibl
 
 This vaulted variable will be decrypted with the supplied vault secret and used as a normal variable. The ``ansible-vault`` command line supports stdin and stdout for encrypting data on the fly, which can be used from your favorite editor to create these vaulted variables; you just have to be sure to add the ``!vault`` tag so both Ansible and YAML are aware of the need to decrypt. The ``|`` is also required, as vault encryption results in a multi-line string.
 
+.. note::
+   Inline vaults ONLY work on variables, you cannot use directly on a task's options.
 
 .. _encrypt_string:
 

lib/ansible/executor/module_common.py

@@ -687,7 +687,10 @@ def _find_module_utils(module_name, b_module_data, module_path, module_args, tas
 
     if module_substyle == 'python':
         params = dict(ANSIBLE_MODULE_ARGS=module_args,)
+        try:
             python_repred_params = repr(json.dumps(params))
+        except TypeError as e:
+            raise AnsibleError("Unable to pass options to module, they must be JSON serializable: %s" % to_native(e))
 
         try:
             compression_method = getattr(zipfile, module_compression)