It's necessary for kubernetes health checks.

Now there are two separate steps - get notifications and
get contacts for those notifications. Makes testing easier.

This is not needed anymore with the changes to the group infrastructure
which add an optional 'ldap_name' to groups whose membership should be
managed by LDAP queries and shib sessions.

These tests cover the bugfix in the previous commit.

Based on "feedback" from the low-latency group, the p_astro
and other information which is in the VOEvent files will not be
made available through the API to unauthenticated users. I'm
not sure why.

Needs to work properly with new AuthGroup setup and X509Cert
model changes

This was an exact duplicate of the user model and basically just
provided a simple way to organize robot accounts.  It's not useful
anymore since we'll just use a Group going forward to organize
these accounts.

An X509 certificate should only map to a single user account - we
can't do authentication properly if it maps to multiple, so this
was an obviously necessary change. There are several migrations for
making this conversion in steps.