tb approval for package importer robot account (LP: #524173)

Martin Pool mbp at canonical.com
Thu Jun 9 04:15:04 UTC 2011


There is a robot in <http://package-import.ubuntu.com/status/> that
synchronizes source packages into Ubuntu package branches.

At the moment, this runs in james_w's personal account, since that's
how he originally set it up.  This is suboptimal for a bunch of
reasons, amongst which are that the imported revisions appear to have
been personally created by James; that it has credentials to
impersonate James in other ways (e.g. tweaking bugs); and that it will
break if for any reason James ceases involvement with Ubuntu.

This is <https://bugs.launchpad.net/udd/+bug/524173>.

I'd like to fix this now by:

 * creating a new bot account with an email address called say
   package-import at canonical.com, with mail to that account going to (say)
   canonical-bazaar
 * creating an API key and SSH key for that account
 * switching the package import to use that account
 * having the tb add this to the list of permitted uploaders for
   /ubuntu (but not into ~core-dev)

Some reasonable concerns have been raised that this does not get as
much to a least-privilege setup as one could desire.   In particular:
the new account will be able to upload packages as well as write to
branches: Launchpad does not have separate ACLs for those actions at
present.  Secondly, the service is not yet fully LOSA maintained,
though there is a ticket asking for it to become so (canonical rt
39614).

On both of these I think it's worth acknowledging that more should be
done in the future, but also that making the importer use its own
account and identity will be a step forward for security and not a
step back.  It won't gain any extra privileges as a result of those
changes, it will lose access to other things James can do, and it will
be easier to track.

If you see any problems or object to this, please let me know.

Martin