Magento2: Unnecessary permissions checks on upgrade hampering security

Preconditions

1. Magento 2.1.5
2. Deployment user owns all files except media. PHP user owns media files because it writes them, so deployment user may not have write permissions

Steps to reproduce

1. Create some media files as php user
2. Run setup:upgrade as the deployment user

Expected result

1. setup:upgrade to complete as usual

Actual result

1. Error complaining that there are files in pub/media that are not writable by the current user (which is not the php user used by the webserver so it does not need that access).

There are two principles that are colliding here:

1. The PHP user should not be able to change file contents e.g. it should not be able to write anything in vendor.
2. The deployment user should not be root (esp in multi-server setups when deployment logs in automatically - that user should not have root access!!)

Therefore it falls out logically that the php user should not be owner of most files, but the deployment user will need to be to be able to write them. However, the php user does create files in media, so they will end up as the owner, and the deployment user may not have access to them.

So you can see why a check on system:upgrade to make sure that media is writable is restrictive and breaks the above need that is only a logical extension of sensible security policies.