Fix the codecov upload

Currently builds are failing to upload coverage reports because:

```
==> Uploading
    .url https://codecov.io
    .query service=circleci&package=py2.0.15&job=1057.0&yaml=codecov.yml&token=<secret>&build=1057.0&branch=154.save-and-respond.1&commit=714379bf&slug=PrivateStorageio%2FZKAPAuthorizer
    Pinging Codecov...
    Uploading to S3...
Error: 400 Client Error: Bad Request for url: https://storage.googleapis.com/codecov/v4/raw/2020-05-26/3F10B6B6FEA878CCC9F58EAF87855DA8/714379bfb318ec39566729b2fecce6339ff55daf/17397def-dfec-47bb-b20f-879e223b0e90.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=GOOG1EQX6OZVJGHKK3633AAFGLBUCOOATRACRQRQF6HMSMLYUP6EAD6XSWAAY%2F20200526%2FUS%2Fs3%2Faws4_request&X-Amz-Date=20200526T132703Z&X-Amz-Expires=10&X-Amz-SignedHeaders=host&X-Amz-Signature=86369f603a1c27782899d7df6206b35a4564c70fe4efaea3cb72dd03cfb80b36

Tip: See all example repositories: https://github.com/codecov?query=example
Support channels:
  Email:   hello@codecov.io
  IRC:     #codecov
  Gitter:  https://gitter.im/codecov/support
  Twitter: @codecov
```

If SpendingController develops some internal state it should really remain
internal, anyway.  Don't make _plugin.py worry about this.

Currently builds are failing to upload coverage reports because:

```
==> Uploading
    .url https://codecov.io
    .query service=circleci&package=py2.0.15&job=1057.0&yaml=codecov.yml&token=<secret>&build=1057.0&branch=154.save-and-respond.1&commit=714379bf&slug=PrivateStorageio%2FZKAPAuthorizer
    Pinging Codecov...
    Uploading to S3...
Error: 400 Client Error: Bad Request for url: https://storage.googleapis.com/codecov/v4/raw/2020-05-26/3F10B6B6FEA878CCC9F58EAF87855DA8/714379bfb318ec39566729b2fecce6339ff55daf/17397def-dfec-47bb-b20f-879e223b0e90.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=GOOG1EQX6OZVJGHKK3633AAFGLBUCOOATRACRQRQF6HMSMLYUP6EAD6XSWAAY%2F20200526%2FUS%2Fs3%2Faws4_request&X-Amz-Date=20200526T132703Z&X-Amz-Expires=10&X-Amz-SignedHeaders=host&X-Amz-Signature=86369f603a1c27782899d7df6206b35a4564c70fe4efaea3cb72dd03cfb80b36

Tip: See all example repositories: https://github.com/codecov?query=example
Support channels:
  Email:   hello@codecov.io
  IRC:     #codecov
  Gitter:  https://gitter.im/codecov/support
  Twitter: @codecov
```

just bumping CI really

removing the operation-id may not actually be an improvement ... it is a
simplification, though.  However it requires us to load all the rows into
python and then send them back to the database instead of only loading them.
I thought removing the operation-id from the in-use table would be a win and
maybe it is but not for the reason I thought - sqlite3 emits the same code
whether you do `in [foo]` or `in (select x from [foo])` as far as I can tell.

Still, I like the simplification so we'll go with it for now.

Instead of immediately extracting passes, get them and later mark up the store
with the outcome of the attempt to use them.

Parens can create a tuple or something and we don't want that.

Along with an in-memory implementation of a pass factory that works with it.

`assertThat` and `succeeded` can do the job *most* of the time.

Retry with new passes if an operation fails because the server rejected some passes

If all passes were good but there simply were not enough of them, don't retry.

Replace the tricky _rref property with a decorator.  This guarantees _get_rref
is evaluated for each function call before we do anything with pass generation.

Same logic should apply to the rest of the pass-spending methods.

Then, logic can be extended to cover retry for other failures and putting
passes back in the database for non-spending failures and converged uploads.

Meant this to be in PR#152 but somehow forgot to even commit it...