Update Gerrit permissions for global service users (built at http://cl/899219124)

Added permissions:
  Section [refs/heads/*]:
    Read:
      ALLOW: autoupdate-vigil-service-accounts
      ALLOW: autoupdate-service-accounts
      ALLOW: autoupdate-onboarding-service-accounts
    Submit:
      ALLOW: autoupdate-vigil-service-accounts
      ALLOW: autoupdate-service-accounts
    Push:
      ALLOW: autoupdate-vigil-service-accounts
      ALLOW: autoupdate-service-accounts
  Section [GLOBAL_CAPABILITIES]:
    viewAllAccounts:
      ALLOW: autoupdate-vigil-service-accounts
      ALLOW: autoupdate-service-accounts
      ALLOW: autoupdate-onboarding-service-accounts

groups

diff --git a/groups b/groups
index 2c989ff..e38e955 100644
--- a/groups
+++ b/groups
@@ -3,6 +3,9 @@
 10f1f90b56e5c67fe3754f0e79a11078d3be27f7	Approvers
 64aa5c40843772f1f9b44a83e6f5b30c041a55b3	SLSA Policy Verification Service Accounts
 9bc22fa4f697d9ac2767e8edc1ba8d5c716b1f22	Reviewers
+a23d6e3aa689cb43468956272ea2ae7e1fd30efc	autoupdate-service-accounts
+bb453570d8044b74b5278b2cae4ef527e6086e7e	autoupdate-vigil-service-accounts
+e22778d0de5b72719674beba88ecef7ac811ec1f	autoupdate-onboarding-service-accounts
 eac29dd93c6a9726e9744c4ad1453d4788f21717	Admins
 global:Anonymous-Users                  	Anonymous Users
 global:Project-Owners                   	Project Owners

project.config

diff --git a/project.config b/project.config
index ea17990..4b35a8b 100644
--- a/project.config
+++ b/project.config
@@ -41,14 +41,21 @@
 	label-Code-Review = -1..+1 group Registered Users
 	push = group Admins
 	push = group Project Owners
+	push = group autoupdate-service-accounts
+	push = group autoupdate-vigil-service-accounts
 	push = group mdb/copybara-git-writers
 	push = group mdb/cuelang-repo
 	submit = group Admins
 	submit = group Approvers
 	submit = group Project Owners
+	submit = group autoupdate-service-accounts
+	submit = group autoupdate-vigil-service-accounts
 	submit = group mdb/cuelang-repo
 	label-SLSA-Policy-Verified = -1..+1 group SLSA Policy Verification Service Accounts
 	Read = group SLSA Policy Verification Service Accounts
+	Read = group autoupdate-onboarding-service-accounts
+	Read = group autoupdate-service-accounts
+	Read = group autoupdate-vigil-service-accounts
 [access "refs/meta/config"]
 	exclusiveGroupPermissions = read
 	create = group Admins
@@ -94,6 +101,9 @@
 	administrateServer = group Admins
 	administrateServer = group mdb/cuelang-repo
 	gerrit-google-manageUsersGet = group mdb/copybara-git-readers
+	viewAllAccounts = group autoupdate-onboarding-service-accounts
+	viewAllAccounts = group autoupdate-service-accounts
+	viewAllAccounts = group autoupdate-vigil-service-accounts
 	viewAllAccounts = group mdb/copybara-git-readers
 [submit-requirement "Code-Review"]
 	submittableIf = label:Code-Review=MAX AND -label:Code-Review=MIN