Ansible's user module calls `usermod -p <hash>` to set passwords.
This was the most significant gap for Ansible interop.
Implementation:
- Add PASSWORD option constant and clap argument (-p/--password)
- Write hash directly to shadow entry, update last_change to today
- Follows the same lock → read → mutate → atomic_write pattern
Tests:
- test_set_password: basic -p flag with hash verification
- test_set_password_long_flag: --password long form
- test_set_password_preserves_other_fields: all 9 shadow fields intact
Also updated e2e Ansible playbook to use native `user: password:`
parameter instead of the chpasswd -e workaround.
Fixes#114