Code review comment for lp:~sinzui/launchpad/expire-oauth-token

Curtis Hovey (sinzui) wrote :

This is my branch to fix OAuth access token permissions.

    lp:~sinzui/launchpad/portlet-package-summary-timeout
    Diff size: 34
    Launchpad bug: https://bugs.launchpad.net/bugs/511567
    Test command: ./bin/test -vv -t doc/oauth.txt
    Pre-implementation: no one
    Target release: 10.02

Fix OAuth access token permissions
----------------------------------

I have bughugger authorised as an application which can access launchpad on
my behalf.

Out of curiosity, I tried to remove its authorisation from launchpad:
And I get the following error:

    Not allowed here
    Sorry, you don't have permission to access this page.

Rules
-----

    * Fix the security checker, which is checking a decorator, not the person.
      * It was broken when Henning added his nice security utility...the
        test uses an admin, not a regular user, so the problem was not caught.

QA
--

    * Visit https://edge.launchpad.net/people/+me/+oauth-tokens
    * Revoke a script.
    * Verify it is gone; there is no 403 error.

Lint
----

Linting changed files:
  lib/canonical/launchpad/security.py
  lib/canonical/launchpad/doc/oauth.txt

Test
----

    * lib/canonical/launchpad/doc/oauth.txt
      * Added a test to show a *non-admin* can change his access token.

Implementation
--------------

    * lib/canonical/launchpad/security.py
      * Updated the security checker to use user.person not the decorator
        object.
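
The failure mode described in this message, as an added example that is not Launchpad's code and not part of the original comment: an ownership check that compares the token owner against a wrapper object instead of the wrapped person, and why a test run as an admin does not catch it. All class and function names here are hypothetical stand-ins.

```python
# Constructed illustration: these classes are stand-ins, not Launchpad code.
from dataclasses import dataclass


@dataclass(frozen=True)
class Person:
    name: str
    is_admin: bool = False


class RolesDecorator:
    """Hypothetical wrapper that a security utility hands to checkers."""

    def __init__(self, person):
        self.person = person              # the wrapped account
        self.in_admin = person.is_admin   # role shortcut exposed by the wrapper


@dataclass
class AccessToken:
    person: Person                        # owner of the OAuth token
    consumer: str


def can_edit_buggy(token, user):
    # Compares a Person with the wrapper: never equal, so only admins pass.
    return token.person == user or user.in_admin


def can_edit_fixed(token, user):
    # Unwraps the decorator first, so Person is compared with Person.
    return token.person == user.person or user.in_admin


def permission_matrix():
    """Return {actor: (buggy_result, fixed_result)} for three constructed users."""
    owner = Person("owner")
    other = Person("other")
    admin = Person("admin", is_admin=True)
    token = AccessToken(owner, "constructed-consumer")
    results = {}
    for actor in (owner, other, admin):
        user = RolesDecorator(actor)
        results[actor.name] = (can_edit_buggy(token, user),
                               can_edit_fixed(token, user))
    return results


if __name__ == "__main__":
    for name, (buggy, fixed) in permission_matrix().items():
        print(f"{name:5}  buggy={buggy!s:5}  fixed={fixed}")
```

The admin row is identical under both checkers, which is why an authorization test needs a non-privileged owner and a non-owner as well as an admin.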
