In the whitepaper, the protocol for updating a user's password involves running password-based login (with the existing password) before re-running password-based registration (with the new password). Presumably, we'll want to run password-based login before deleting a user's account, too.
This diff updates identity_auth.proto to run password-based login as part of the UpdateUserPassword and DeleteUser workflows. Once this is finalized, I'll update this diff to include the grpc-web, identity service, and other client changes.