Add a flag to disable built-in authentication for all users without the "owner" role. To avoid admin lock-out situations, we should add a `coder server create-admin-user` command which creates a password-auth owner user.