- 0052_update_gstlalcbc_O3b_cert.py: gstlalcbc was issued a new cert at CIT.
      I manually migrated on production and playground, but i'm backing up the
      migration here.
    - 0005_add_coinc_far_and_em_type.py: snapshotting the migration for the new
      `em_coinc` and `em_type` data fields. This will most likely change.

Better handling of case where a certificate already exists, but is
assigned to a different user.

Users in this group have permission to "T90", or update certain
parameters of GrbEvents in GraceDB

These tests cover the bugfix in the previous commit.

Needs to work properly with new AuthGroup setup and X509Cert
model changes

This was an exact duplicate of the user model and basically just
provided a simple way to organize robot accounts.  It's not useful
anymore since we'll just use a Group going forward to organize
these accounts.

An X509 certificate should only map to a single user account - we
can't do authentication properly if it maps to multiple, so this
was an obviously necessary change. There are several migrations for
making this conversion in steps.

ligoauth.models.AuthGroup is an enhanced version of the builtin Django
Group model. We add useful attributes like a description, ldap_name,
and Tag.  These can be used to abstract things that are presently
handled manually, like inheriting membership from an LDAP group or
allowing access to view log messages/files with a specific Tag.

I ran some tests comparing this multi-table inheritance setup to
adding a OneToOneField and loading it with/without select_related.
After 1K trials, the DB query times looked comparable and didn't
require multiple queries for this arrangement, so the convenience
seems to be worth it.

The commit creates the model and populates an instance for existing
each existing Django Group.

When applied, this makes a view publicly available *if* the
settings.UNAUTHENTICATED_ACCESS switch is True; otherwise you
must be authenticated. This will be useful to propagate to
most other views to make this settings switch globally effective
at some point.

A web view has been created which allows EM advocates to disable
or enable pipeline submissions. This is to prevent misbehaving
pipelines from submitting bad information. The mechanism works by
preventing events from being submitted to a given pipeline, not
by revoking certificates or removing user account permissions.

Due to the fact that we are using multiple attribute authorities,
there are some cases (specifically email) where there are multiple
values provides for an attribute, separated by a semi-colon.

This update handles those instances and takes the first value in
the list.