Juju should disable do-release-upgrade on all Ubuntu-based machines except during "juju upgrade-series"

/etc/update-manager/release-upgrades can be edited with the setting Prompt=never as a way to prevent do-release-upgrade from being run by accident on a machine. Indeed, a patch was accepted into Juju recently to use this method to block series upgrades on the controllers.

This type of functionality would be very useful to have generally. It's very easy to forget to run "juju upgrade-series", especially in environments where administrators often have to "juju ssh" into machines for maintenance/debug purposes, and "do-release-upgrade" may be run directly without first running "juju upgrade-series <num> prepare <series>" first.

I would suggest:

* For Ubuntu-based machines, Juju should automatically set Prompt=never in /etc/update-manager/release-upgrades to disallow accidental running of do-release-upgrade. (A comment explaining that Juju set this would be a good bonus.)

* Upon "juju upgrade-series prepare", /etc/update-manager/release-upgrades should be modified to use a sane Prompt value which will allow do-release-upgrade to work. An exception would be the controller model; "juju upgrade-series" should not be allowed to work there due to the Mongo-related limitations.

* Upon "juju upgrade-series complete", /etc/update-manager/release-upgrades should be re-set to have Prompt=never.

----

Related bugs and MRs:

* https://bugs.launchpad.net/juju/+bug/1881218
  (Bug against Juju to perform this type of block specifically for controller machines)
* https://github.com/juju/juju/pull/14110
  (MR against Juju for the same)
* https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1882794
  (Bug against do-release-upgrade to allow for a hook or similar that Juju could use to block accidental use of do-release-upgrade outside of the "juju upgrade-series" flow.)