Force users to change password

This commit applies the password_expiration setting to all users.
Users won't be able to do anything other than update password until it's done.

database/migrations/2021_01_06_040550_add_password_last_updated_to_users.php

@@ -0,0 +1,34 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class AddPasswordLastUpdatedToUsers extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        Schema::table('users', function (Blueprint $table) {
+            $table->timestamp('password_last_updated')->after('remember_token')->nullable();
+            $table->boolean('administratively_locked')->after('email')->default(false)->comment('Account locked by settings changes, e.g. 2fa grace period timeout');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        Schema::table('users', function (Blueprint $table) {
+            $table->dropColumn('password_last_updated');
+            $table->dropColumn('administratively_locked');
+        });
+    }
+}