Add webathena authentication button for Zephyr users.

This shows up when you're not running a Zephyr mirroring bot and lets
you use Webathena to have us run it.  Obviously needs more docs.

Current problems include:

* supervisorctl reload ends up recreating /var/run/supervisor.sock
  with the wrong permissions, so it only works once in a row before
  you need to chmod that.

* /etc/supervisor/conf.d needs to be humbug-writeable; this is a clear
  local root vulnerability

* This uses SSH and thus is kinda slow.

(imported from commit 7029979615ffd50b10f126ce2cf9a85a5eefd7a2)

bots/zmirror_private.conf.template

@@ -0,0 +1,11 @@
+[program:zmirror-USERNAME]
+command=python /home/humbug/humbug/bots/zephyr_mirror_backend.py --root-path=/home/humbug/humbug/bots --user=USERNAME --enable-log=/home/humbug/logs/mirror-log-%(program_name)s --use-sessions --session-path=/home/humbug/zephyr_sessions/%(program_name)s --api-key-file=/home/humbug/api-keys/%(program_name)s
+priority=200                   ; the relative start priority (default 999)
+autostart=true                 ; start at supervisord start (default: true)
+autorestart=true               ; whether/when to restart (default: unexpected)
+stopsignal=TERM                 ; signal used to kill process (default TERM)
+stopwaitsecs=30                ; max num secs to wait b4 SIGKILL (default 10)
+user=humbug                    ; setuid to this UNIX account to run the program
+redirect_stderr=true           ; redirect proc stderr to stdout (default false)
+stdout_logfile=/var/log/humbug/%(program_name)s.log         ; stdout log path, NONE for none; default AUTO
+environment=HOME="/home/humbug",USER="humbug",KRB5CCNAME="/home/humbug/ccache/%(program_name)s"