git.proxmox.com Git - pve-manager.git/commit
ui: user: password change: require a confirmation-password
author Wolfgang Bumiller <w.bumiller@proxmox.com>
Fri, 15 Mar 2024 12:47:43 +0000 (13:47 +0100)
committer Thomas Lamprecht <t.lamprecht@proxmox.com>
Thu, 21 Mar 2024 16:08:25 +0000 (17:08 +0100)
commit baf6842a174dae34f0a72cef56040cdb07a5d63e
tree ea5b11a8600904f3a9c29e5ee04e13a8383d0d97
parent b120875cc4339b7c9358fe8019817f60960e7edf
ui: user: password change: require a confirmation-password

To hedge against a scenario where an attacker has local or even
physical access to a computer where a user is logged in.

While that general scenario can neither be detected nor really be
secured against, at least not without requiring re-authentication on
every API call that can have side effects (i.e., all but the GET method),
it still makes sense to ensure that credentials cannot be modified,
which would allow denial of service.

See the related pve-access-control commit 5bcf553 ("user: password
change: require confirmation-password parameter")

Reported-by: Wouter Arts <security@wth-security.nl>
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
www/manager6/Workspace.js
www/manager6/dc/UserView.js