Fixes#7657

Users with this login type must use tokens to authenticate.
Tokens must come from some other source, not a /login with password
authentication

Cli usage & Output

$ coder users create --disable-login                                                                                                                   48s 12:27:17 PM> Username: noauth2> Email: noauth2@coder.comA new user has been created!Share the instructions below to get them started.—————————————————————————————————————————————————Download the Codercommand linefor your operating system:https://github.com/coder/coder/releasesRun  coder login http://localhost:3000  to authenticate.Your email is:  noauth2@coder.com Login has been disabledfor this user. Contact your administrator to authenticate.Create a workspace   coder create!

Future Work

This is the initial work to disable password authentication on a user by user basis. To polish this feature, I believe we need some extra features.

• Ability to switch a user's login type. So change frompassword ->none, ornone ->oidc. (Allow conversion of email/password authenticated account to OpenID Connect authed account #4505)
• More rbac scopes. Right now if an admin makes an api key for a user, that user can then create many more unrestricted api keys. We might want to add more scopes to limit what a user can do with that key, making theLoginTypeNone completely controllable by the owner/admin that is issuing these tokens. (API Key/Token scopes to prevent creating another api key/token #8011)