Create complete recipes for pip-compile

[ross-spencer]

This commit introduces a storage service command for pip-compile and ensures that for both Archivematica and the Storage Service permissions are updated so that they remain usable by the caller, i.e. permissions are reset to 0644 and ownership reset to the user-space UID for the current login and not root for sudo callers.

For usability the two commands to test are:

• reset-permissions-to-user-am
• reset-permissions-to-user-ss

With -am and -ss at the end of the command, they are easier to exchange vs. mid-string.

The last three commits today (Aug 5) should be the ones reviewed here and will make up the re-base.

One additional point of note is that previously I thought all meant a clean and compile. I hadn't studied the compile Makefiles too carefully. Without a clean step this has tripped us up a few times, either testing this particular PR, or other related compile PRs. I've therefore implemented a clean-and-compile approach to this which, while it takes longer, is better practice in the long-run. I'd like us to stick with those given the option.

Connected to archivematica/issues#1039 Requires https://github.com/artefactual/archivematica-storage-service/pull/540 (see notes)

[ross-spencer]

@sevein I see you've approved this, but there was one last point of note. The ${CALLER_GID} seems to be set to docker which makes sense. Maybe it's the cleanest we can get? Anyway, feel free to merge or have a go at fixing it up first-thing if you want to take care of that. It iwll be good to have this one out of the way.

[sevein]

The ${CALLER_GID} seems to be set to docker which makes sense. Maybe it's the cleanest we can get?

Perhaps that's because you have docker set as your primary group?

# Primary group
$ id -gn
jesus

# All groups
$ id -Gn
jesus docker