Admin password blank by default, must be proactively set

[IanDavey]

The admin password has to be set manually in the user manager upon a fresh install, otherwise it is blank. This encourages bad security practice among DBAs and could increase the likelihood and severity of breaches if deployed at scale.

Possible solution: screen at setup similar to eXist's for setting the admin password.