fix can change password check in case of encryption is enabled

Admin should _not_ be able to change password when:
- if an encryption module is loaded and it uses per-user keys
- if encryption is enabled but no encryption modules are loaded

Admin should be able to change the password when:
- no encryption module is loaded and encryption is disabled
- encryption module is loaded but it doesn't require per user keys

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>