fix: PATCH all mock users to disable must_change_password (#668)

Forgejo's admin API POST /admin/users may not honor
must_change_password:false in the request body. Previously only admin
users got a PATCH (to set admin:true), which incidentally cleared
must_change_password. Bot users had no PATCH, so basic auth for token
creation returned 401.

Now every mock-created user gets a PATCH to explicitly set
must_change_password:false, fixing bot token creation.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

tests/smoke-init.sh

@@ -150,15 +150,20 @@ if [ "${1:-}" = "exec" ]; then
         exit 1
       fi
 
-      # Promote to site admin if requested
+      # Patch user: ensure must_change_password is false (Forgejo admin
+      # API POST may ignore it) and promote to admin if requested
+      patch_body="{\"must_change_password\":false,\"login_name\":\"${username}\",\"source_id\":0"
       if [ "$is_admin" = "true" ]; then
-        curl -sf -X PATCH \
-          -u "$BOOTSTRAP_CREDS" \
-          -H "Content-Type: application/json" \
-          "${FORGE_URL}/api/v1/admin/users/${username}" \
-          -d "{\"admin\":true,\"login_name\":\"${username}\",\"source_id\":0}" \
-          >/dev/null 2>&1 || true
+        patch_body="${patch_body},\"admin\":true"
       fi
+      patch_body="${patch_body}}"
+
+      curl -sf -X PATCH \
+        -u "$BOOTSTRAP_CREDS" \
+        -H "Content-Type: application/json" \
+        "${FORGE_URL}/api/v1/admin/users/${username}" \
+        -d "${patch_body}" \
+        >/dev/null 2>&1 || true
 
       echo "New user '${username}' has been successfully created!"
       exit 0