[Enhancement] Add forced password reset after initial admin seed

[csharpfritz]

Updated Scope (per Jeff)

The hardcoded admin credentials (\Admin123!) are intentional for dev/initial-install workflows. This is a developer convenience feature, not a security vulnerability in the traditional sense.

What we want instead:

• Keep \Admin123!\ as the default seed password for development mode
• Keep the admin user seeding on first run
• Add a forced password reset mechanism on first production login
• Remove the password string from \ActivityEvent\ trace logging (no reason to log it)
• Detect environment (Development vs Production) and warn or block if default creds are still active in production

Revised priority: Downgraded from P0 to Medium this is a hardening enhancement, not a critical vulnerability.

Suggested Implementation

1. Add a \MustChangePassword\ flag to the admin user on seed
2. On login, if \MustChangePassword\ is true, redirect to a forced password change page
3. In Production environment, log a warning at startup if the default admin password hasn't been changed
4. Remove the password string from the ActivityEvent trace

[csharpfritz]

Triage: Enhancement

Routed to @simon. Forced password reset for initial admin user on first production login.

Priority: 4 (security hardening)
Effort: 3-4 hours
Scope (per Jeff):

• Add MustChangePassword flag to seeded admin user
• On login, if flag true redirect to forced password change page
• In Production env: warn at startup if default creds still active
• Remove password from ActivityEvent trace logging

Keep Admin123! as dev default; make reset mandatory in production.

[csharpfritz]

Fixed in commit c52c02e. Claims-based MustChangePassword, ForceChangePassword SSR page, middleware safety net, removed password from traces, production startup warning. Part of PR #352.