Enable ci.l.o to securely push files to snapshots.linaro.org

Registered by Данило Шеган

Mirror and generalize the approach android-build.l.o uses for pushing to snapshots, so that it can be used by our soon-to-be single Jenkins instance behind ci.linaro.org.

Blueprint information

Данило Шеган
Данило Шеган
Deepti B. Kalakeri
Series goal:
Accepted for engineering
Milestone target:
2012.03
Started by
Fathi Boudra
Completed by
Deepti B. Kalakeri

Headline: Provide a way for CI, android-build and ubuntu-build to easily and securely push files to snapshots.linaro.org.
Acceptance: Any build service (android-build, ci, ubuntu-build) with access to the appropriate private SSH keys can push files to the snapshots.linaro.org web area and put them into their final destination.

Danilo: we need to create an SSH key to use to access snapshots.linaro.org/kernel-hwpacks web area from ci.linaro.org, similarly to how linaro-android-build is currently set-up on mombin.canonical.com (host for snapshots.linaro.org). We should have the set-up slightly different though: we should push to a temporary area not directly visible on the web, and have a separate trigger (under separate user, like linaro-android-build-trigger) move files from that directory to the target web-visible dirs. Creating an updated script which moves files from a set
Danilo on 2012-02-24: filed RT https://rt.linaro.org/Ticket/Display.html?id=320 for users and created ssh keys on ci.linaro.org:./snapshots-sync
In line with the above RT, the script that needs writing should be run like e.g. "jenkins-post-sftp -t (android|kernel-hwpacks|images|...) build-name build-number", and should move the build from /srv3/snapshots.linaro.org/uploads/[type-dependent-path]/build-name/build-number into the appropriate area on /srv3/snapshots.linaro.org/www.
I'd prefer if this script was written in Python with unit tests to accompany it and ensure its correctness.
[pfalcon 2012-02-24] Danilo: please elaborate if we'd have per-host keys or single one. (2nd try, first was removed, hope as an edit conflict).
Danilo on 2012-02-24: Paul, I hope for both to be true: we'll have them per-host, but we'll also have a single host (jenkins). Not right now, though.
Danilo on 2012-03-15: Does it not make sense to assume generation of MANIFEST is needed for job-type==android?
[pfalcon 2012-03-15] ^^ Why hardcode assumptions if we instead can pass --manifest options when it's needed? Otherwise, whatever.
[deepti 2012-03-26] Would like to monitor how the publishing of the artifacts on snapshots.linaro.org goes for some more time. Also, lava will have downtime soon and I don't think I can get fair time to validate the hwpack from s.l.o, hence I would be postponing the local archiving. Raised bug https://bugs.launchpad.net/linaro-ci/+bug/965249 to track it.
[deepti 2012-03-26] Spoke to Paul and Danilo regarding moving android-build.linaro.org to the same set-up and scripts. We think we will handle this when we get a new consolidated machine or work on it in the next milestone after the scripts are thoroughly tested on ci.linaro.org. Raised bug https://bugs.launchpad.net/linaro-ci/+bug/965252 to track it.
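
The trigger step described in the whiteboard above, sketched as an added example (this is not the script from lp:linaro-license-protection): it validates the job type, build name and build number, and refuses symlinks or paths that escape the upload or web root before moving a build. Only the two /srv3 roots and the three type names come from the whiteboard; the per-type directory names, the function names and the name/number patterns are assumptions.

```python
import os
import re
import shutil

# Roots are the ones named in the whiteboard.
UPLOADS_ROOT = "/srv3/snapshots.linaro.org/uploads"
WWW_ROOT = "/srv3/snapshots.linaro.org/www"
# Assumption: each type maps to a directory of the same name.
TYPE_PATHS = {"android": "android", "kernel-hwpacks": "kernel-hwpacks",
              "images": "images"}
# Assumption: conservative patterns; a leading "." or any "/" is refused.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")
NUMBER_RE = re.compile(r"[0-9]+")


class PublishError(Exception):
    """Raised when a publish request must be refused."""


def resolve_build(root, job_type, build_name, build_number):
    """Return root/<type path>/<name>/<number>, refusing escapes from root."""
    if job_type not in TYPE_PATHS:
        raise PublishError("unknown job type")
    if not NAME_RE.fullmatch(build_name) or not NUMBER_RE.fullmatch(build_number):
        raise PublishError("invalid build name or number")
    path = os.path.join(root, TYPE_PATHS[job_type], build_name, build_number)
    # realpath resolves symlinks the uploading user may have planted.
    real_root = os.path.realpath(root)
    if os.path.commonpath([real_root, os.path.realpath(path)]) != real_root:
        raise PublishError("path escapes root")
    return path


def publish(job_type, build_name, build_number,
            uploads_root=UPLOADS_ROOT, www_root=WWW_ROOT):
    """Move one uploaded build into the web-visible tree; return its new path."""
    src = resolve_build(uploads_root, job_type, build_name, build_number)
    dst = resolve_build(www_root, job_type, build_name, build_number)
    if os.path.islink(src) or not os.path.isdir(src):
        raise PublishError("no uploaded build")
    if os.path.lexists(dst):
        raise PublishError("already published")
    # The upload area is writable by the pushing key, so no symlink in the
    # build may reach the web tree (os.walk does not follow them).
    for dirpath, dirnames, filenames in os.walk(src):
        for entry in dirnames + filenames:
            if os.path.islink(os.path.join(dirpath, entry)):
                raise PublishError("symlink in upload")
    os.makedirs(os.path.dirname(dst), exist_ok=True)
    shutil.move(src, dst)
    return dst
```

The checks and the move are not atomic, so the trigger should run only after the upload for that build has finished.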


Work Items

Work items:
[danilo] Get 'linaro-ci-publish' and 'linaro-ci-publish-trigger' users created on mombin.canonical.com with appropriate setup: DONE
Create a new trigger script in lp:linaro-license-protection to support the new layout and specifying the "type" of the job (i.e. android/kernel-hwpack): DONE
Submit the script for review: DONE
Implement --manifest to generate MANIFEST file (android-build use prereq.): DONE
Generate lastSuccess, etc. "permalinks": DONE
Submit the changes manifest and permalinks for review: DONE
Merge the changes for manifest and permalinks to lp:linaro-license-protection: TODO
[pfalcon] Be in loop on --manifest and permalink generation in script: DONE
Configure kernel hwpacks jobs (and SFTP plugin) on ci.linaro.org to push to snapshots.linaro.org: DONE
Modify the lci-build-tools to refer to the snapshots.linaro.org instead of ci.linaro.org: DONE
Stop local artifacts archiving on ci.linaro.org for kernel hwpacks jobs: POSTPONED
Move android-build.linaro.org to the same set-up and scripts: POSTPONED
