Only allow root to run update plugins

Several plugins need restarting the DS (or they currently do
an external bind).
Rather than disabling plugins (possibly partially), refuse
to run them when run as an unprivileged user.

This means running ipa-ldap-updater as non-root requires specifying
a list of files, and omiting the --upgrade and --plugins options.

https://fedorahosted.org/freeipa/ticket/2621

ipaserver/install/plugins/updateclient.py

@@ -165,9 +165,6 @@ class updateclient(backend.Executioner):
         return self.Updater[method](**kw) #pylint: disable=E1101
 
     def restart(self, dm_password, live_run):
-        if os.getegid() != 0:
-            self.log.warn("Not root, skipping restart")
-            return
         dsrestart = DSRestart()
         socket_name = '/var/run/slapd-%s.socket' % \
             api.env.realm.replace('.','-')