Reset_user feature and bugfixes

Joe Conway (2):
Add new variants of set_user and reset_user which allow a token to be set initially and if so required to be present and match at reset time.
In previous commit, two new versions of the existing functions were created, but I neglected to provide the permissions matching the originals. Fix that.