Running vncauthproxy as nobody:www-data makes more sense. We have better
privilege separation between apache2/gunicorn and vncauthproxy, while
gunicorn can still to connect to the vncauthproxy's control socket.

When/if vncauthproxy starts using TCP ctrl sockets instead of UNIX, this
could be omitted entirely.

We could also consider adding a separate user/group for vncauhtproxy.