1) Implement the latest dataset read/write access settings from frontend to
   backend. Also updates for simultaneous read-only usage.

2) New configure options: PROTOGENI_LOCALUSER and PROTOGENI_GENIWEBLOGIN.

   The first changes the way that projects and users are treated at the
   CM. When set, we create real accounts (marked as nonlocal) for users and
   also create real projects (also marked as nonlocal). Users are added to
   those projects according to their credentials. The underlying experiment
   is thus owned by the user and in the project, although all the work is
   still done by the geniuser pseudo user. The advantage of this approach
   is that we can use standard emulab access checks to control access to
   objects like datasets. Maybe images too at some point.

   NOTE: Users are not removed from projects once they are added; we are
   going to need to deal with this, perhaps by adding an expiration stamp
   to the groups_membership tables, and using the credential expiration to
   mark it.

   The second new configure option turns on the web login via the geni
   trusted signer. So, if I create a sliver on a backend cluster when both
   options are set, I can use the trusted signer to log into my newly
   created account on the cluster, and see it (via the emulab classic web
   interface).

   All this is in flux, might end up being a bogus approach in the end.

tipline will not exist until the VM is running (since the capture runs on
the physhost), but that that is too late for inclusion in the manifest.
Need a better mechanism.

can create an experiment for another user.

interactions with versioning that need to be worked out, since only
the head version can be deleted.

create_instance, now that user can manage multiple keys.

can get it easily.

which looks at environment variable to determine what user should be used
for access checks. Now used from the protogeni interface, when real
accounts are in use (but all work still done by geniuser).

interface.

as a guest and that they have to apply for a real account.

to let people login using the trusted signer.

most recently used.

Was using internal EventSend but that is really just for talking
to boss and we need to talk to ops.

Fixes issue with user appearing multiple times on a /etc/group line.

Currently only used to shutdown remote blockstores in advance of a
swapout (per-experiment event: objtype=="BSTORE", objname=="rem-bstore",
eventtype=="STOP").

.forward files. Change addpubkeys to use dropfile for the auth keys
file, and add createsshkey method to generate the key on ops, and
send the public key back via stdout.