'superuser' privilege required for ci-user

[bbcmicrocomputer]

When using proxy servers with Juju, e.g.:

juju bootstrap --config ~/controller-config.yaml --model-default ~/controller-config.yaml --to bootstrap.maas maas maas-controller

where 'controller-config.yaml' contains:

http-proxy: http://x.x.x.x:yyyy
https-proxy: http://x.x.x.x:yyyy
no-proxy: localhost,127.0.0.1

The 'add-model' privilege ('juju grant ciuser add-model') isn't enough for registered controllers in cwr to read model-defaults and thus don't use proxy variables when deploying.

I had to grant a registered controller 'superuser' privilege within Juju to make proxy variables work, e.g.:

juju grant ciuser superuser

Docs need updating to reflect this (perhaps even make 'superuser' the default permission to grant).