1) Change the link on the register welcome dialog to use the change password form.
thanks to TAZattitude for pointing the way.
2) Address the issue that default change password form, expects the user to know
the old password. As this is the first login, they might not write down the
generated password, so when they get to form, they are screwed, as they can't
change the password w/o the old one. So we register will generate a clone
of the password change form, where the old password is supplied as a hidden
field.
This change implements all the modes:
* Visitors cannot create users
* Visitors can create an account without confirmation nor admin approval
* Visitors can create an account with conformation and admin approval
* Visitors can create an account with confirmation and no admin approval