Support installs without a web password

[AzureMarker]

If SetupVarsEntry::WebPassword is empty, we still treat that as a password hash. However, that prevents anyone from logging in via the web interface.

If the password is empty, we should allow unauthenticated access to endpoints which require auth.

We should also signal to the web interface in some way that it should skip the logged out state (immediately set loggedIn to true).