Move most of the password changing code to the backend, as I just did

for email changes. Currently, the hash is passed in on the command
line from the web interface, and there is no method for invoking it on
the command line and providing a text password, but that is an easy
change now that the bulk of the code is in the backend instead of the
web interface.

Note that this change took longer cause we allow inactive,frozen, and
wikionly users to change their password, but since they do not have
accounts (yet) the operation is invoked as user "nobody" and tbacct
about to me made aware of that possibility.

Also add equivalent auditing email message that goes to the user when
password is changed.

Also more cleanup and conversion to objects.