Fully manage the `.ssh/authorized_keys` file for root,
so that keys removed from Salt are also removed from the file.

Note that the AWS (Linux) machines are configured to have two
additional keys in the root `authorized_keys` file,
namely `servo-aws` and `servo-aws-reserved-instances`,
but when used these keys will tell the user to log in as ubuntu,
so they don't provide real access.
Remove these keys as they are not useful.

Add documentation about gaining SSH access and revoking/rotating keys.