Code review comment for lp:~cjwatson/launchpad/db-git-imports

My plan was to use macaroons (in this case mainly because that's a
conveniently-packaged version of HMAC, but it would fit well with other
future plans for HTTPS pushes), effectively generating a root key for
each job. But it would probably make more sense to have a single root
key configured using the slightly-awkward secret-management arrangements
in production-configs instead, and then attach the CodeImportJob.id as a
caveat in each case. I'll put together enough code to convince myself
that this will work and delete this column if so.