square / keywhiz

A system for distributing and managing secrets

Home Page: https://square.github.io/keywhiz/

Put AutomationClients in the config

mcpherrinm opened this issue

I think it might be nicer operationally if we put AutomationClients in the configuration.

There's been a bunch of times in dev setups I've had to jump through an extra hoop for setup to mark a client as an automation-enabled one, but it would have been straightforward in code.

Config changes are peer-reviewed and tracked in source control, but DB changes aren't. We don't have any tooling to mark a client as automation -- we just run a SQL query.

In my experience with Keywhiz, the number of needed automation clients is small (single digits). So this is fine.

It'll allow us to more easily expand to a more fine-grained ACL system in the future, since the YAML files can be extended without needing DB migrations, etc.

If nobody protests, I'll make a PR for this next week.