What if humans want to use the "cephadm" user to administer their Ceph cluster?

[smithfarm]

At present, we know that:

1. mgr/cephadm (the "cephadm orchestrator"), running on a MGR node, uses SSH to run commands on other cluster nodes managed by it
2. ceph-salt is now configuring mgr/cephadm to SSH to other nodes as the user cephadm
3. the user cephadm can use sudo to run certain commands as root

It occurred to me that human administrators might not want to be logged in as root while administering their Ceph clusters. Such administrators might welcome the possiblity of using a non-root user for their day-to-day cluster admin work.

Therefore, I opened this issue to discuss whether it would make sense for ceph-salt (or, perhaps, cephadm itself) to set the ownership/permissions of the admin keyring file so that the file becomes readable by the user cephadm?