Uploading artifacts to Swift

There's a new role, the `upload-artifacts-swift`. It is a pretty
bare-bones role which should serve as a (mostly) drop-in replacement of
the add-fileserver + publish-artifacts-to-fileserver combo. It still
requires "something" to ensure that the artifacts are available at the
executor, and it will not register these artifacts, nor return them to
Zuul. That all should be done separately (check the rest of our CI setup
for details, especially publish-artifacts-base and
publish-artifacts-tenant in ci/project-config.git), this one is only a
building block.

The rest happens in the updated role `download-artifacts-from-check`. It
is no longer intended to run within the post playbook; it should now be
defined in a parent job's `run`.

Also, I'm moving everything to the executor so that we don't require a
dummy build node. This necessitated a fix to the executor's bubblewrap
configuration for accessing the TLS certificates and preferences and
what not.

Change-Id: I4e4bb26e5976127ca8c504ed3e6d1f8b9ede9393
diff --git a/zuul.yaml b/zuul.yaml
index 297d140..090d816 100644
--- a/zuul.yaml
+++ b/zuul.yaml
@@ -12,21 +12,14 @@
     timeout: 900
 
 - job:
-    name: publish-artifacts-from-check
+    name: promote-artifacts
     parent: publish-artifacts-tenant
     description: |
       Retrieve all artifacts built by the last matching run in the check
       pipeline, and promote them into a permanent location in the log server.
       This is intended to be run within a promote pipeline.
-    run: playbooks/download-artifacts-from-check/run.yaml
-
-- job:
-    name: promote-artifacts
-    parent: publish-artifacts-from-check
     nodeset:
-      nodes:
-        - name: f29
-          label: f29
+      nodes: []
 
 - job:
     name: f29-gcc