users: clean up password update logic.

Pull the password reauthentication logic out of the user model and put
it in the password update controller where it belongs.

This fixes an issue where when a new user was created the user model had
an incorrect password error set on it by `encrypt_password_on_update`.
It was trying to verify the old password even though we don't have one
when creating a new user. This error caused the user create action to
redirect back to the signup page because `respond_with` thought that
creating the user failed.

test/functional/users_controller_test.rb

@@ -118,6 +118,7 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
 
         assert_redirected_to User.last
         assert_equal("xxx", User.last.name)
+        assert_equal(User.last, User.authenticate("xxx", "xxxxx1"))
         assert_equal(nil, User.last.email_address)
         assert_no_enqueued_emails
       end
@@ -127,6 +128,7 @@ class UsersControllerTest < ActionDispatch::IntegrationTest
 
         assert_redirected_to User.last
         assert_equal("xxx", User.last.name)
+        assert_equal(User.last, User.authenticate("xxx", "xxxxx1"))
         assert_equal("webmaster@danbooru.donmai.us", User.last.email_address.address)
         assert_enqueued_email_with UserMailer, :welcome_user, args: [User.last]
       end