Add widearearoot and wideareajailroot to the users table, to control
who gets root on widearea nodes, inside and outside of jail. Kinda brute force; might need to make this more flexible at some point, perhaps with a node/user mapping table for widearearoot (root outside the jail), and a widearea_trust slot to the group_membership table (root inside a jail), but this will do for now since its handled entirely inside of tmcd. I was originally using local_root to determine root access inside the jail, but we need to more finely control who gets root on widearea nodes. Outside the jail, only tbadmin got jail, and thats definitely too restrictive!