Conversation

@BasavarajBankolli
SUMMARY

This PR implements a "Force Password Reset" feature. It adds a password_reset_required boolean field to the User model, allowing administrators to flag accounts that must change their password before they can access the rest of the API.

Design Decisions:

  • Storage: Injected the field directly into the auth.User model via add_to_class in awx/main/models/__init__.py to ensure it is a native attribute of the user.
  • Enforcement: Overrode the get method in UserDetail view. If the flag is True, the API returns a 403 Forbidden with a JSON body indicating a reset is required. This signal allows the frontend to redirect the user to the password change page.
ISSUE TYPE
  • New or Enhanced Feature
COMPONENT NAME
  • API
ADDITIONAL INFORMATION

This change provides a way for security administrators to ensure credentials are rotated when suspected compromise occurs or as part of a standard security policy.

Verification performed:

  1. Created a manual migration (0205_add_password_reset_flag.py) to handle the database schema update.
  2. Updated UserSerializer to ensure the field is accessible and writable by administrators.
```python
# Verbatim logic added to UserDetail:
# (imports the fragment depends on, as used in DRF views)
from django.utils.translation import gettext_lazy as _
from rest_framework import status
from rest_framework.response import Response

# Placed at the top of UserDetail.get(), before the normal response is built;
# `obj` is the User instance being retrieved.
if getattr(obj, 'password_reset_required', False):
    return Response({
        "detail": _("Password reset is required before you can continue."),
        "password_reset_required": True
    }, status=status.HTTP_403_FORBIDDEN)
```
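As an added example (not code from this PR or from AWX), the following is a framework-free Python model of the enforcement the description sketches. It generalises the single-view check into a gate applied to every route, with an allowlist so the flagged user can still reach the password-change and logout routes, and clears the flag only after a successful change to a different password. The route paths in `RESET_ALLOWLIST`, the `User`/`Request` stand-ins and the toy hasher are assumptions made for the example.

```python
"""
Constructed, framework-free model of a "force password reset" gate.

Not code from the PR; it only models the policy so it can be exercised
without Django or DRF installed. Routes in RESET_ALLOWLIST are assumed.
"""
import hashlib
from dataclasses import dataclass
from typing import Optional

HTTP_403_FORBIDDEN = 403
RESET_REQUIRED_DETAIL = "Password reset is required before you can continue."

# Requests a flagged user must still be able to make; without an allowlist
# the account is locked out instead of being forced to rotate.
# Hypothetical routes, for illustration only.
RESET_ALLOWLIST = {
    ("PATCH", "/api/v2/me/password/"),
    ("POST", "/api/v2/logout/"),
}


@dataclass
class User:  # stand-in for auth.User with the new flag
    username: str
    password_hash: str
    password_reset_required: bool = False
    is_authenticated: bool = True


@dataclass
class Request:  # stand-in for a DRF request
    method: str
    path: str
    user: Optional[User] = None


def toy_hash(password: str) -> str:
    # Placeholder for a real password hasher (Django's PBKDF2 hasher);
    # plain SHA-256 is NOT suitable for storing passwords.
    return hashlib.sha256(password.encode()).hexdigest()


def password_reset_gate(request: Request) -> Optional[dict]:
    """Return a 403 response (as a dict) when the caller must reset first.

    Returns None to let the request through. Meant to run on every API
    route, not only the user detail endpoint, so the rest of the API is
    actually blocked while the flag is set.
    """
    user = request.user
    if user is None or not user.is_authenticated:
        return None  # unauthenticated callers are handled by the auth layer
    if not getattr(user, "password_reset_required", False):
        return None
    if (request.method.upper(), request.path) in RESET_ALLOWLIST:
        return None
    return {
        "status": HTTP_403_FORBIDDEN,
        "body": {
            "detail": RESET_REQUIRED_DETAIL,
            "password_reset_required": True,
        },
    }


def set_password(user: User, new_password: str) -> bool:
    """Rotate the credential and clear the flag only on a successful change.

    Re-entering the current password is rejected, so a forced reset after a
    suspected compromise cannot be satisfied with the same secret.
    """
    if len(new_password) < 8:
        return False
    new_hash = toy_hash(new_password)
    if new_hash == user.password_hash:
        return False
    user.password_hash = new_hash
    user.password_reset_required = False
    return True


def run_trace(user: User, requests: list) -> list:
    """Evaluate requests in order and report which the gate blocked."""
    outcome = []
    for req in requests:
        req.user = user
        blocked = password_reset_gate(req) is not None
        outcome.append((req.method, req.path, "blocked" if blocked else "allowed"))
    return outcome


if __name__ == "__main__":
    alice = User("alice", toy_hash("old-password"), password_reset_required=True)
    for line in run_trace(alice, [
        Request("GET", "/api/v2/jobs/"),
        Request("GET", "/api/v2/users/1/"),
        Request("PATCH", "/api/v2/me/password/"),
    ]):
        print(line)
    print("reuse accepted:", set_password(alice, "old-password"))
    print("new password accepted:", set_password(alice, "a-new-longer-secret"))
    print("gate after reset:", password_reset_gate(Request("GET", "/api/v2/jobs/", alice)))
```

The gate returns the same `{"detail": ..., "password_reset_required": true}` body the PR proposes, so a frontend can key its redirect off the boolean rather than parsing the message.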

Member

I don't actually believe this works. The model is auth.User, meaning that it comes from the django.contrib app. And this migration is for the main app, basically the AWX app.

The User model being in an app we don't control has been a major thorn in our sides for a long time. But it is difficult to change.
