Add ability for a user to change their password without invalidating their other devices

[anoadragon453]

#2722 (relevant commit) changed things so devices of a user (other than the one making the request) are deleted upon a password change.

It'd be nice if a user was able to change their password without resetting all of their devices (in the case that they just want a different, maybe more secure password, rather than their account being hacked).

[aaronraimist]

Also add that option to the admin API https://github.com/matrix-org/synapse/blob/master/docs/admin_api/user_admin_api.rst#reset-password

[richvdh]

@neilisfragile to discuss the UX implications of this with @lampholder

[neilisfragile]

After irl, we want the option to specify via the API but default to the current behaviour. So exactly as @lampholder describes above.

The idea being that the client can support ' I've been hacked, delete all devices!!!' flow along side a 'oh I just want to update my password' flow.

[clokep]

Done in #7085.