Allow passwords to be edited even if account.editable is false

Summary:
Fixes T5900. We have some very old code here which does not let you update your password if the `account.editable` flag is set.

This was approximately introduced in D890, and I think it was mostly copy/pasted at that point. I'm not sure this ever really made sense. The option is not documented as affecting this, for example. In the modern environment of auth providers, it definitely does not make sense.

Instead, always allow users to change passwords if the install has a password provider configured.

Test Plan:
  - Set `account.editable` to false.
  - Used a password reset link.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T5900

Differential Revision: https://secure.phabricator.com/D10331

src/applications/auth/controller/PhabricatorAuthOneTimeLoginController.php

@@ -120,7 +120,7 @@ final class PhabricatorAuthOneTimeLoginController
       $next = '/';
       if (!PhabricatorPasswordAuthProvider::getPasswordProvider()) {
         $next = '/settings/panel/external/';
-      } else if (PhabricatorEnv::getEnvConfig('account.editable')) {
+      } else {
 
         // We're going to let the user reset their password without knowing
         // the old one. Generate a one-time token for that.

src/applications/settings/panel/PhabricatorSettingsPanelPassword.php

@@ -16,15 +16,8 @@ final class PhabricatorSettingsPanelPassword
   }
 
   public function isEnabled() {
-    // There's no sense in showing a change password panel if the user
-    // can't change their password...
-
-    if (!PhabricatorEnv::getEnvConfig('account.editable')) {
-      return false;
-    }
-
-    // ...or this install doesn't support password authentication at all.
-
+    // There's no sense in showing a change password panel if this install
+    // doesn't support password authentication.
     if (!PhabricatorPasswordAuthProvider::getPasswordProvider()) {
       return false;
     }