Add setting to not require users to have usable password

[stan-sack]

Background

• Currently django-rest-passwordreset requires that a user has a usable password before they are able to reset their password because some users such as LDAP users shouldn't be able to change their password
• I have run into a use case where users who are signed in via social media (eg Facebook or Google), may try and reset their password. They have a valid email and should be able to reset their password even if they don't have one set yet.
• I am proposing to add a setting DJANGO_REST_MULTITOKENAUTH_REQUIRE_USABLE_PASSWORD which when set to False would allow users without a reusable password to reset their password

Changes

• Add DJANGO_REST_MULTITOKENAUTH_REQUIRE_USABLE_PASSWORD setting
• Abstract reset eligibility into User.eligible_for_reset() rather than a long conditional
  • This method checks has_usable_password() when DJANGO_REST_MULTITOKENAUTH_REQUIRE_USABLE_PASSWORD == True (this is default behaviour)

Testing

• Added test case for default behaviour (this ensures backwards compatibility)
• Added test case for new behaviour

[stan-sack]

@anx-ckreuzberger, I hope you don't mind that I've made a PR for this as well. It's the other issue I ran into when using your library. Please let me know what you think.