Extensions often need to do things as users, and so create “system users” for this purpose. There seems to be a few different ways of doing this. Most start by creating a new user:
$user = User::newSystemUser( 'CoolExtension sys user', [ 'steal' => true ] );
And then often add it to the bot
group:
$user->addGroup( 'bot' );
Or give it some new rights directly, without giving it a group:
$user->mRights = array_merge( $user->getRights(), [ 'upload' ] );
Or they might validate its email:
$user->confirmEmail();
$user->saveSettings(); // Even if it's already confirmed?
Are these examples correct form? What’s the right way to do this stuff? Are all system users also called bots (and should therefore be in the bots group)? What’s the expected behaviour of one of these users (as far as sysops changing their names, permissions, etc.)?