The CHT Core Framework makes it faster to build responsive, offline-first digital health apps that equip health workers to provide better care in their communities. It is a central resource of the Community Health Toolkit.
Right now we use CouchDB admins as our medic admins.
Not only is there no reason to do this: it's dangerous. CouchDB admins are to CouchDB as root is to 'nix.
We cannot really use CouchDB roles for this: especially in the _users DB CouchDB doesn't really support you changing the security model and adding roles.
Instead, we should fix this by:
[ ] Adding / modifying APIs in medic-api to support all "admin" functionality (like CRUDing users, modifying app settings) that correctly check medic permissions, perform the actions if allowed, and don't allow stuff we don't want (i.e. you can only edit app settings, not edit views)
[ ] Change webapp to point to those functions instead of directly hitting CouchDB
[ ] Change the code, install instructions, scripts etc. to bootstrap with an admin user, but then create another medic-admin user for people to log in as.
[ ] Work out a migration plan (i.e. creating users) for all existing installs that use couchdb admins.
[ ] Forcibly remove the ability to use CouchDB admins in the app
[ ] Consider stratifying medic-api and medic-sentinel CRUD operations into those that do not need to be couchdb admins and those that do, and only using CouchDB admins where necessary. For example, there is no reason for couchdb-sentinel to ever have access to the admin user that I'm aware of. Medic-api mostly doesn't need that user, with some exceptions.
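
The first checklist item, sketched as an added example (not code from medic-api): a permission check plus a field allowlist, so that a permitted user can change app settings but not views, and a bare CouchDB `_admin` role grants nothing in the app. The permission name `can_edit_settings`, the role `medic_admin`, the document shape and all function names are assumptions made for illustration.

```javascript
'use strict';

// Hypothetical permission map: permission name -> roles that hold it.
// The CouchDB "_admin" role is deliberately absent.
const PERMISSIONS = { can_edit_settings: ['medic_admin'] };

// Only these top-level fields of the stored doc may change through the API.
const EDITABLE_FIELDS = ['app_settings'];

// Constructed sample of a stored design doc (not real project data).
const SAMPLE_DOC = {
  _id: '_design/example',
  views: { by_type: { map: 'function (doc) { emit(doc.type); }' } },
  app_settings: { locale: 'en' },
};

const hasPermission = (user, permission) => {
  const allowedRoles = PERMISSIONS[permission] || [];
  return ((user && user.roles) || []).some(role => allowedRoles.includes(role));
};

// Returns { status, doc } on success or { status, error } on refusal.
// Nothing is written here: the caller would save `doc` with the service's
// own CouchDB credentials, so the end user never needs CouchDB admin rights.
const applySettingsUpdate = (user, current, requested) => {
  if (!hasPermission(user, 'can_edit_settings')) {
    return { status: 403, error: 'insufficient permissions' };
  }
  if (!requested || typeof requested !== 'object' || Array.isArray(requested)) {
    return { status: 400, error: 'request body must be an object' };
  }
  // Refuse the whole request if it names any field outside the allowlist.
  const rejected = Object.keys(requested).filter(key => !EDITABLE_FIELDS.includes(key));
  if (rejected.length) {
    return { status: 400, error: `fields not editable: ${rejected.join(', ')}` };
  }
  // Copy only allowlisted fields; views, _id and the rest come from `current`.
  const doc = Object.assign({}, current);
  for (const key of EDITABLE_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(requested, key)) {
      doc[key] = requested[key];
    }
  }
  return { status: 200, doc };
};
```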