Update Gerrit permissions for global service users (built at http://cl/899219124)

Added permissions:
  Section [refs/heads/*]:
    Read:
      ALLOW: autoupdate-vigil-service-accounts
      ALLOW: autoupdate-service-accounts
      ALLOW: autoupdate-onboarding-service-accounts
    Submit:
      ALLOW: autoupdate-vigil-service-accounts
      ALLOW: autoupdate-service-accounts
    Push:
      ALLOW: autoupdate-vigil-service-accounts
      ALLOW: autoupdate-service-accounts
  Section [GLOBAL_CAPABILITIES]:
    viewAllAccounts:
      ALLOW: autoupdate-vigil-service-accounts
      ALLOW: autoupdate-service-accounts
      ALLOW: autoupdate-onboarding-service-accounts

groups

diff --git a/groups b/groups
index de46db2..345bb54 100644
--- a/groups
+++ b/groups
@@ -1,6 +1,9 @@
 # UUID                                  	Group Name
 #
+00026e3dbd0370db6eaa2c6dcdf0da5af407034b	autoupdate-vigil-service-accounts
 46e59dd3f263fe8298031896d41a9a92885b548f	SLSA Policy Verification Service Accounts
+66cceeb8cff1df769124ca2e039961fd3ad61644	autoupdate-service-accounts
+96e864cc639871e2860e75cc4a578e3af75d1a9b	autoupdate-onboarding-service-accounts
 global:Anonymous-Users                  	Anonymous Users
 global:Project-Owners                   	Project Owners
 global:Registered-Users                 	Registered Users

project.config

diff --git a/project.config b/project.config
index 2bac327..2a07e1c 100644
--- a/project.config
+++ b/project.config
@@ -23,18 +23,25 @@
 	forgeCommitter = group Project Owners
 	forgeCommitter = group ldap/manganese-gob-admins
 	push = group Project Owners
+	push = group autoupdate-service-accounts
+	push = group autoupdate-vigil-service-accounts
 	push = group ldap/manganese-gob-admins
 	label-Code-Review = -2..+2 group Project Owners
 	label-Code-Review = -2..+2 group ldap/manganese-gob
 	label-Code-Review = -2..+2 group ldap/manganese-gob-admins
 	label-Code-Review = -1..+1 group Registered Users
 	submit = group Project Owners
+	submit = group autoupdate-service-accounts
+	submit = group autoupdate-vigil-service-accounts
 	submit = group ldap/manganese-gob
 	submit = group ldap/manganese-gob-admins
 	editTopicName = +force group Project Owners
 	editTopicName = +force group ldap/manganese-gob-admins
 	label-SLSA-Policy-Verified = -1..+1 group SLSA Policy Verification Service Accounts
 	Read = group SLSA Policy Verification Service Accounts
+	Read = group autoupdate-onboarding-service-accounts
+	Read = group autoupdate-service-accounts
+	Read = group autoupdate-vigil-service-accounts
 [access "refs/meta/config"]
 	exclusiveGroupPermissions = read
 	read = group Project Owners
@@ -65,6 +72,9 @@
 	addPatchSet = group Registered Users
 [capability]
 	administrateServer = group ldap/manganese-gob-admins
+	viewAllAccounts = group autoupdate-onboarding-service-accounts
+	viewAllAccounts = group autoupdate-service-accounts
+	viewAllAccounts = group autoupdate-vigil-service-accounts
 [submit-requirement "Code-Review"]
 	submittableIf = label:Code-Review=MAX AND -label:Code-Review=MIN
 	canOverrideInChildProjects = true