volume.Import: write data with sufficient privs
Not sure how this ever worked before, if it did.
The device nodes pointed to by /dev/qubes_dom0/* are owned by
root:disk with perms 660, qubes user is not in disk group,
and service is invoked as qubes user, not root.