Enable some way for passwords to be expired, whether manually, by time, etc. What I'm thinking is:
- A new field on users which is the last time their password was reset
- A configuration in the user service which says how long a password is allowed to last
- A specific value (probably 0) where the password will always be expired regardless of the amount of time
You'll need to set the password date field on user create and specifically password update. Luckily this only happens in the user service (it is private data) so it is all contained. The db writer for users will need to copy over that new value, or you need to come up with a system such that this copying is not required. Tests will need to be created to ensure this value is preserved and functions appropriately. I think the default value for password expiration should be incredibly long, so that it doesn't get in the way. I don't think QCS users want their password expiring.
Should we do it right and say you can't pick an existing password? That would require perhaps storing the real password, which is probably less safe than just letting them repick the same password.
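An added sketch, not the project's code, of the expiry rule proposed above (reset timestamp, configurable lifetime, 0 meaning always expired), together with a reuse check against the current password that compares salted hashes and needs no stored plaintext. The class, function and constant names and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

# Assumed configuration values (hypothetical names, not from the project).
ALWAYS_EXPIRED = timedelta(0)                 # the special "0" setting
DEFAULT_MAX_AGE = timedelta(days=365 * 100)   # "incredibly long" default
PBKDF2_ROUNDS = 600_000                       # assumed work factor


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class User:
    """Hypothetical private user record held by the user service."""

    def __init__(self, password: str, now: datetime):
        self.set_password(password, now)

    def set_password(self, password: str, now: datetime) -> None:
        # Single write path for create and update, so the date is always stamped.
        self.salt = os.urandom(16)
        self.password_hash = hash_password(password, self.salt)
        self.last_password_reset = now

    def is_current_password(self, candidate: str) -> bool:
        # Re-hash the candidate with the stored salt; constant-time compare.
        digest = hash_password(candidate, self.salt)
        return hmac.compare_digest(digest, self.password_hash)


def password_expired(user: User, max_age: timedelta, now: datetime) -> bool:
    if max_age == ALWAYS_EXPIRED:
        return True  # forced expiry regardless of elapsed time
    return now - user.last_password_reset > max_age


def change_password(user: User, new_password: str, now: datetime) -> None:
    if user.is_current_password(new_password):
        raise ValueError("new password matches the current one")
    user.set_password(new_password, now)


if __name__ == "__main__":
    start = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample date
    demo = User("constructed-sample-1", start)
    print(password_expired(demo, timedelta(days=90), start + timedelta(days=91)))
```

Rejecting older passwords as well would mean keeping a list of previous salt and hash pairs and checking the candidate against each one.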