While external-auth accounts with no local password are a thing now, that doesn't necessarily remove the use cases for setting/changing local account passwords, so we may still need this.
Examples:
- When we'd use maintenance/changePassword.php, but we're bloody fed up with having to ssh into the server and run a maintenance script every time the a user shows up five years later having lost all their login information (and either suitably identifies themselves to us some other way or we just genuinely decide we don't care for whatever reason)
- When we were using an external authentication, but now we have to fully import the user locally after all because the external service is going down in a week