turn adduser/download roles into meta roles

This should make things a little more composable,
by making these roles meta roles that perform no
actions by default we allow each role to own its own
resources.