Revise administrative workflow for user creation

Authored by epriestley <git@epriestley.com> on May 30 2011, 23:59.

Description

Revise administrative workflow for user creation

Summary:

  • When an administrator creates a user, provide an option to send a welcome
    email. Right now this workflow kind of dead-ends.

  • Prevent administrators from changing the "System Agent" flag. If they can
    change it, they can grab another user's certificate and then act as them. This
    is a vaguely weaker security policy than is exhibited elsewhere in the
    application. Instead, make user accounts immutably normal users or system agents
    at creation time.

  • Prevent administrators from changing email addresses after account creation.
    Same deal as conduit certs. The 'bin/accountadmin' script can still do this if a
    user has a real problem.

  • Prevent administrators from resetting passwords. There's no need for this
    anymore with welcome emails plus email login and it raises the same issues.

Test Plan:

  • Created a new account, selected "send welcome email", got a welcome email,
    logged in with the link inside it.

  • Created a new system agent.
  • Reset an account's password.

Reviewed By: aran
Reviewers: tuomaspelkonen, jungejason, aran
CC: anjali, aran, epriestley
Differential Revision: 379

Details

Committed
epriestley <git@epriestley.com>, May 31 2011, 22:06
Pushed
aubort, Jan 31 2017, 17:16
Parents
rPH729d2f9c9366: Remove .sql3 hacks from Differential
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH301fed1b43a4: Revise administrative workflow for user creation (authored by epriestley <git@epriestley.com>). May 31 2011, 22:06