Force admin users to set a password when using user mode in session feature

In !16981 (merged) a new feature is introduced for storing the current user mode for admins in the session (admin mode or normal mode), requiring admins to re-enter their credentials before using administrative operations.

In the following discussion it was identified that not all admin users must have enabled a password for web access, which this feature would require.

A potential solution would be to:

@reprazent wrote:

Perhaps adding an admin? check inside User#require_password_creation_for_web? is sufficient, since that would force admins to set a password the next time they log in.

/cc @bufferoverflow