Document OmniAuth/Social sign-in password security

Problem to solve

If a user signs in to GitLab for the first time using Social Sign-in (Google, GitHub, etc), LDAP or SAML, GitLab will automatically create a user. The local GitLab password is 'obscured' by generating a random Devise token of max password length. By default the max password length is 128 characters. This means the account is really secure because any random password of 128 characters will be very difficult to brute force.

A user asked about this behavior on Twitter - https://twitter.com/FrancoisGervai2/status/1277444814980763653. We should document this for the future.