TPA folks still don't have users in stone, the Tails backup server

There's a UID clash in stone and users for anarcat, lavamind and lelutin were never created.

Error: Could not create user anarcat: Execution of '/usr/sbin/useradd -d /home/anarcat -s /bin/bash -u 1025 -m anarcat' returned 4: useradd: UID 1025 is not unique
Error: /Stage[main]/Rbac/User[anarcat]/ensure: change from 'absent' to 'present' failed: Could not create user anarcat: Execution of '/usr/sbin/useradd -d /home/anarcat -s /bin/bash -u 1025 -m anarcat' returned 4: useradd: UID 1025 is not unique
Error: Could not create user lavamind: Execution of '/usr/sbin/useradd -d /home/lavamind -s /bin/bash -u 1026 -m lavamind' returned 4: useradd: UID 1026 is not unique
Error: /Stage[main]/Rbac/User[lavamind]/ensure: change from 'absent' to 'present' failed: Could not create user lavamind: Execution of '/usr/sbin/useradd -d /home/lavamind -s /bin/bash -u 1026 -m lavamind' returned 4: useradd: UID 1026 is not unique
Error: Could not create user lelutin: Execution of '/usr/sbin/useradd -d /home/lelutin -s /bin/bash -u 1027 -m lelutin' returned 4: useradd: UID 1027 is not unique
Error: /Stage[main]/Rbac/User[lelutin]/ensure: change from 'absent' to 'present' failed: Could not create user lelutin: Execution of '/usr/sbin/useradd -d /home/lelutin -s /bin/bash -u 1027 -m lelutin' returned 4: useradd: UID 1027 is not unique

The assigned UIDs for them clash with UIDs that are already allocated to backup users:

root@stone:~# grep '102[5-7]' /etc/passwd
teels:x:1025:1025::/home/teels:/bin/sh
dragon:x:1026:1026::/home/dragon:/bin/sh
gecko:x:1027:1027::/home/gecko:/bin/sh

Also, we don't see this in our monitoring, so maybe we should fail hard in those cases so we at least see systemd errors?

/cc @groente