Metacat

As we move toward the DataONE API where the MN does not provide identity and authorization services, perhaps the Metacat administrative functions should also follow suit. This would be a pretty large change for our users, but ultimately will simplify things so that we are not using two different identity/auth schemes to manage a single server.

In cases where the Metacat administrator did not have a useable (CILogon) identity we cold provide a utility to generate a client certificate for administrative use (or something akin to this). Ultimately this would need to be available in a browser UI where the bulk of our admin/config is performed.