TestSwarm: Auto-provision projects and project tokens (then: rotate passwords)

[Krinkle]

In the team meeting on 31 March 2023, we looked back on the swarm-02.ops server refresh (https://github.com/jquery/infrastructure/issues/444). The main thing that stood out is the lack of backup, which, while intentional, is also a bit of a weakness.

The most prominent issue was the runtoken used by testswarm-browserstack clients, which we've since then fixed by adding the capability in TestSwarm for the runtoken to be provisioned through a configuration file (https://github.com/jquery/testswarm/commit/a7e7d6a817f7da95a257bc6570d4b56d74dbd802, https://github.com/jquery/infrastructure-puppet/commit/c08925387f7a394f9f87fea4ea45985717314464).

The remaining issues are:

• Auto-provisioning of the project accounts. We currently have to create these manually based on private documentation at https://github.com/jquery/infrastructure/wiki/TestSwarm#create-users. This includes very outdated passwords, which we should rotate and keep in our password vault instead.
• Auto-provisioning of project tokens. These are currently dynamically generated as random values at install time, yet, we reference them statically from private Jenkins configuration files (jenkins: node-testswarm-config.json). Ideally, these too would be auto-provisioned via Puppet secrets and thus be able to to be kept in sync, or at least be declared and re-creatable on a fresh server in the same way so that server refresh and token refresh are seperable events.

[timmywil]

The jQuery testswarm instance will be decommissioned soon. This will no longer be necessary.