Earlier implementation restricted all users except root from using su.
This has been changed now. This implementation only restricts 'amnesia'
user from using su. Others users can now use su.

Merge branch 'hefee/bugfix/16186-disable-autocrypt+force-all-tests' into devel (Fix-committed: #15657, #15661, #16222)

Note: this branch actually does _not_ do anything special wrt. Autocrypt,
nor does it address #16186 (if there's anything to address there, which
is unclear at the moment).

We do need this branch merged in time before the 3.12 freeze.
There are still a few things to fix here and there but their
ETA is either after the freeze, or unknown.

refs: #15292

The follow-up fixes after the review of this branch were pushed
but not reviewed yet. Regardless, we need this branch merged
so that 3.12~rc1 can be prepared.

refs: #15999

This branch might be incomplete (left to check) and it needs a tiny bit of
polishing, but it's definitely an incremental improvement over the current
state of things: this will ensure we have a more relevant test suite
when preparing 3.12~rc1.

refs: #16004

At this point it's unclear whether there's a problem to solve
(https://redmine.tails.boum.org/code/issues/16299#note-20)
and if there's one, whether this is the best way to solve it
(https://redmine.tails.boum.org/code/issues/16299#note-19).

This reverts commit a2bb3bf0.

Merge remote-tracking branch 'origin/devel' into hefee/bugfix/16186-disable-autocrypt+force-all-tests

Just make sure, that the checkmark in Torbirdy's config dialog still
shows the correct status.

Instead of patching torbirdy, ship a configuration file in /etc, so it
is easier to update torbirdy at a live seesion. And it is much cleaner
to find, what configurations were changed by Tails.

We shipped thunderbird with Autocrypt enabled by default. As Tails we do
not recommend to use Autocrypt by default at the moment. Ask the user,
what they want to do abut Autocrypt.

It's called tailslib.adminpassword now that it's been moved to the
tailslib module.

(Fix-committed: #16352, #16184)

I want a search'n'replace feature that also updates grammar accordingly.
M-x what?

I wrote the initial draft before the corresponding code actually existed.
In the end we decided to guess the filename of the .img based on the filename of
the .iso and thus we did not add a --old-img flag.

Merge remote-tracking branch 'origin/doc/15999-integrate-usb-image-in-the-release-process' into doc/15999-integrate-usb-image-in-the-release-process

Test suite: when MAC spoofing fails, test safety-critical properties even if the notification is not displayed.

As said on #10774, it's not clear to me whether these scenarios'
frequent failure is "merely" (sic) a test suite robustness issue,
or an actual bug in Tails.

But anyway, MAC spoofing fails, what matters above all is that the network
interfaces are disabled and that the real MAC address is not leaked, so let's
test this first: this way, even if there's a problem wrt. displaying the
notification or wrt. the test suite catching it, by running these scenarios we
will at least ensure the user is safe — possibly with poor UX, but safe.

refs: #10774

Let's align with the updated documentation: those scenarios aren't
documented any more, drop them entirely.