Based on OpenIDM-6325 and this PR
Current password policies require that a user supply an existing (local) password.
Users who connect via social auth do not have an existing local password (at least at first)
- in bin/defaults/script
- customAuthz.js, populateAsManagedUser.js
- Policy Chapter
- Review extensive changes in policy.js
- Note change from re-auth-required policy to `'isProtected" : true` – can be used for more than passwords (e.g. new security questions)
- Auth chapter
- Review changes in authentication.json, at least for MANAGED_USER
- Review MANAGED_USER code samples in other doc
- Passwords chapter Update at least sample code blocks – possibly explanation too.