[proto] introduce new privileged rpcs for resetting user passwords

Summary: we'll call these rpcs from a keyserver script when a user needs their password reset. will only allow-list ashoat's user ID for the time being, as we do with the privileged delete user rpc

Test Plan: tested at end of stack by calling rpcs from keyserver script

Reviewers: ashoat

Reviewed By: ashoat

Subscribers: tomek

Differential Revision: https://phab.comm.dev/D13759