Force random password on first run. Stop using Crafty as default password

What does this MR do and why?

Updates first creation procedures to add admin user and a random password. This will prevent user accounts from being broken into due to not changing the default credentials.

The newly created credentials will be dumped into app/config/default-creds.txt where the user can copy and paste the default password.

We will still strongly encourage the user to create their own strong password and/or delete default-creds.txt.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• Have you checked this doesn't interfere/conflict/duplicate someone elses work?
• Have you fully tested your changes?
• Have you resolved any lint issues?
• Have you assigned a reviewer?
• Have you applied correct labels?