Small DB changes for supporting secure transfer of datasets between
clusters using credentials to provide permission to access the datasets. * Add authority_urn to the images table, which is the urn of the origin dataset (similar to the slice urn, the Portal mints a credential in its namespace, so that the Portal always has permission to do anything it wants to the dataset at the remote cluster). * Add slot to the apt_datasets table to store a credential from the cluster where the dataset lives. This credential gives the owner permission to download the dataset, which the portal will delegate to any cluster that might need to get that dataset.