Replace use of chown in maintainer scripts

Bug #1823979 reported by Mathieu Trudel-Lapierre
Affects: heat-dashboard (Ubuntu)
Status: Triaged
Importance: Medium
Assigned to: Unassigned

Bug Description

From Seth's security review:

TL;dr: please see if we could replace the use of chown -R with something else.

"""
I reviewed heat-dashboard version 1.4.0-0ubuntu1 as checked into cosmic.
This shouldn't be considered a full audit but rather a quick gauge of
maintainability.

heat-dashboard is a web interface to the heat openstack orchestration
tool, which can help spin up repeatable instances of guests and networks.

- No CVEs in our database
- Huge list of build-depends, long enough I'll skip pasting it here
- pre/post inst/rm scripts mostly automatically added, but there is a
  section to "compress the JS and CSS"[1] that also uses a recursive
  chown. This is dangerous on many kernels.
- No init scripts
- No systemd units
- No dbus services
- No setuid
- No binaries in PATH
- No sudo fragments
- No udev rules
- There are some tests but I didn't see their results in the logs
- No cron jobs
- lintian failure in the build logs[2]

- No processes spawned
- No file IO
- Minimal logging, looked fine
- No environment use
- No privileged functions
- Random numbers are generated in Javascript for some reason; using safe
  sources before falling back to unsafe sources
- OpenStack settings OPENSTACK_SSL_NO_VERIFY and OPENSTACK_SSL_CACERT can
  configure TLS verification and trust root
- No temp files
- Extensive networking via django; a handful of inspected methods looked
  properly defensive
- No WebKit
- No PolicyKit

I also found and reported a potential problem with incorrectly escaped
URLs: https://storyboard.openstack.org/#!/story/2004454
I can't tell if this would break anything important or not.

Security team ACK for promoting heat-dashboard to main. I'd like to see
the chown -R removed but don't know what to suggest in its place.

Thanks

[1]: Note especially the 'chown -R' command; on kernels that follow
hardlinks from one uid to another, this can allow horizon to gain
ownership of any other files on the filesystem.

if [ "$1" = "configure" ] ; then
 # Compress the JS and CSS with python-compressor and python-lesscpy
 python /usr/share/openstack-dashboard/manage.py collectstatic --clear --noinput
 python /usr/share/openstack-dashboard/manage.py compress --force
 if [ -f '/var/lib/openstack-dashboard/secret-key/.secret_key_store' ]; then
  rm -f /var/lib/openstack-dashboard/secret-key/.secret_key_store
 fi
 if [ -d /var/lib/openstack-dashboard ]; then
  chown -R horizon:horizon /var/lib/openstack-dashboard
 fi
fi

[2]:
E: heat-dashboard source: source-is-missing xstatic/pkg/js_yaml/data/js-yaml.js line length is 846 characters (>512)
E: heat-dashboard source: source-is-missing heat_dashboard/static/dashboard/project/heat_dashboard/template_generator/js/libs/angular-material.js line length is 1539 characters (>512)
W: python-heat-dashboard: priority-extra-is-replaced-by-priority-optional
W: python-heat-dashboard: maintainer-script-should-not-use-recursive-chown-or-chmod postinst:13
W: python3-heat-dashboard: priority-extra-is-replaced-by-priority-optional
W: python3-heat-dashboard: maintainer-script-should-not-use-recursive-chown-or-chmod postinst:13
W: heat-dashboard-common: priority-extra-is-replaced-by-priority-optional
E: heat-dashboard-common: python-package-missing-depends-on-python
"""

James Page (james-page)
Changed in heat-dashboard (Ubuntu):
status: New → Triaged
importance: Undecided → Wishlist
importance: Wishlist → Medium