manageacls.py could accidentally grant permissions to wrong document in case of name clash

[pamelafox]

This issue is for a: (mark with an x)

- [X] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

1. Upload document with name fileA.pdf using prepdocs.sh
2. Upload different document with name fileA.pdf using user-upload feature from webapp
3. Use manageacls.py to add ACL for fileA.pdf to user B. It'll search for all files named fileA.pdf, including ones that were user uploaded, since it doesn't have a way to distinguish user-uploaded from admin-uploaded.

Suggested resolution

• Add a field "sourcepath" or "blobpath" in searchmanager setup that will will contain the full path of the document: storageaccount/container/directory
• Add that field to manageacls.py enable_acls as well
• Set that field from both user-upload and prepdocs ingestion path
• Perhaps provide a script to auto-adjust existing paths?
• Note in the login_and_acls doc that a longer path must be specified for manageacls. Though we could provide an argument or shortcut for saying "default".