Remove default user for fingergw

We're presuming, by default, that a user named "zuul" exists, which
is not the case in some environments.  Change the default to avoid
dropping privileges, and require that this be explicitly set in order
to do so.

Change-Id: Ia677d2615dd9292a809df4c8859a60b7f4df6243

doc/source/admin/components.rst

@@ -845,11 +845,12 @@ sections of ``zuul.conf`` are used by the finger gateway:
       the default value is highly recommended.
 
    .. attr:: user
-      :default: zuul
 
       User ID for the zuul-fingergw process. In normal operation as a
-      daemon, the finger gateway should be started as the ``root`` user, but
-      it will drop privileges to this user during startup.
+      daemon, the finger gateway should be started as the ``root``
+      user, but if this option is set, it will drop privileges to this
+      user during startup.  It is recommended to set this option to an
+      unprivileged user.
 
 Operation
 ~~~~~~~~~

releasenotes/notes/fingergw-user-f4edf5d300d78f56.yaml

@@ -0,0 +1,7 @@
+---
+upgrade:
+  - The ``user`` value in the ``[fingergw]`` configuration section
+    previously defaulted to ``zuul``, but now is unset by default,
+    which will cause fingergw not to drop privileges.  It is
+    recommended that this value be explicitly set to an unprivileged
+    user.

zuul/cmd/fingergw.py

@@ -63,7 +63,7 @@ class FingerGatewayApp(zuul.cmd.ZuulDaemonApp):
         # Get values from configuration file
         host = get_default(self.config, 'fingergw', 'listen_address', '::')
         port = int(get_default(self.config, 'fingergw', 'port', 79))
-        user = get_default(self.config, 'fingergw', 'user', 'zuul')
+        user = get_default(self.config, 'fingergw', 'user', None)
         cmdsock = get_default(
             self.config, 'fingergw', 'command_socket',
             '/var/lib/zuul/%s.socket' % self.app_name)