Add a flag to disable built-in authentication for all users without the "owner" role.

To avoid admin lock-out situations, we should add a coder server create-admin-user command which creates a password-auth owner user.