- 0052_update_gstlalcbc_O3b_cert.py: gstlalcbc was issued a new cert at CIT.
      I manually migrated on production and playground, but i'm backing up the
      migration here.
    - 0005_add_coinc_far_and_em_type.py: snapshotting the migration for the new
      `em_coinc` and `em_type` data fields. This will most likely change.

Remove usage of .keys(), .has_key(), and .iteritems(), and
account for the fact that .values() produces an iterator in Python 3.

Better handling of case where a certificate already exists, but is
assigned to a different user.

Users in this group have permission to "T90", or update certain
parameters of GrbEvents in GraceDB

These tests cover the bugfix in the previous commit.

Needs to work properly with new AuthGroup setup and X509Cert
model changes

This was an exact duplicate of the user model and basically just
provided a simple way to organize robot accounts.  It's not useful
anymore since we'll just use a Group going forward to organize
these accounts.

An X509 certificate should only map to a single user account - we
can't do authentication properly if it maps to multiple, so this
was an obviously necessary change. There are several migrations for
making this conversion in steps.

ligoauth.models.AuthGroup is an enhanced version of the builtin Django
Group model. We add useful attributes like a description, ldap_name,
and Tag.  These can be used to abstract things that are presently
handled manually, like inheriting membership from an LDAP group or
allowing access to view log messages/files with a specific Tag.

I ran some tests comparing this multi-table inheritance setup to
adding a OneToOneField and loading it with/without select_related.
After 1K trials, the DB query times looked comparable and didn't
require multiple queries for this arrangement, so the convenience
seems to be worth it.

The commit creates the model and populates an instance for existing
each existing Django Group.

When applied, this makes a view publicly available *if* the
settings.UNAUTHENTICATED_ACCESS switch is True; otherwise you
must be authenticated. This will be useful to propagate to
most other views to make this settings switch globally effective
at some point.