incremental upgrades: better privilege separation
Originally created by @intrigeri on #6346 (Redmine)
The desktop user should not be allowed to install any random IUK. It
should only be allowed to run the update frontend as some dedicated
user, who itself is allowed to run tails-install-iuk
as root.
Parent Task: #5922 (closed)
Edited by intrigeri