The existing auth logic breaks threshold evaluation in a couple
of ways:
* arbitrary alarms are visible to the administrative ceilometer
user, but state transformations cannot be recorded unless the
alarm is actually owned by this user also
* using the passed X-User-Id header to set the user ID on the
updated alarm would cause ownership of all alarms to be eventually
assumed by the ceilometer user (once a state transformation
occurs)
Change-Id: I0fcef188741c59fe2691e2009c28182dab51eb0b
032f66c144