providers/ldap: set password_change_date in check_pwd_last_set to avoid loop ending user sessions

[tograss]

Details

closes #11436
Explanation:
In (ms_)check_pwd_last_set the line
if created or pwd_last_set > user.password_change_date:
test if the pw in the ldap store is newer than the authentik one. If so
user.set_unusable_password() user.save()
Is executed. Changing the user password (correctly) ends all user sessions. See https://docs.djangoproject.com/en/5.1/topics/auth/default/#:~:text=Django%20also%20provides%20views%20and,log%20out%20all%20their%20sessions.
However, since user.password_change_date is not set the next ldap_sync will lockout the user again.
I think this wasn't a problem when during login the user pw was always saved to the authentik database. Since this changed a while ago this is now a bug.

The fix is to simply set the password_change_date to the ldap date. One might argue it should be the time the ldap sync run, but I think it is easier to understand for an administrator if the ldap date and the authentik date are the same.

---

Checklist

• Local tests pass (ak test authentik/)
• The code has been formatted (make lint-fix)

If an API change has been made

• The API schema has been updated (make gen-build)

If changes to the frontend have been made

• The code has been formatted (make web)

If applicable

• The documentation has been updated
• The documentation has been formatted (make website)

[netlify]

✅ Deploy Preview for authentik-storybook canceled.

Name	Link
🔨 Latest commit	e0541fe
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-storybook/deploys/672c9a13e44ffe0008e1755b

[netlify]

✅ Deploy Preview for authentik-docs canceled.

Name	Link
🔨 Latest commit	e0541fe
🔍 Latest deploy log	https://app.netlify.com/sites/authentik-docs/deploys/672c9a130e829a000874bced

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 50.47%. Comparing base (0f8d497) to head (e0541fe).
Report is 10 commits behind head on main.

❗ There is a different number of reports uploaded between BASE (0f8d497) and HEAD (e0541fe). Click for more details.

HEAD has 3 uploads less than BASE

Flag	BASE (0f8d497)	HEAD (e0541fe)
e2e	8	7
unit	2	0

Additional details and impacted files

@@             Coverage Diff             @@
##             main   #11913       +/-   ##
===========================================
- Coverage   92.57%   50.47%   -42.10%     
===========================================
  Files         761      759        -2     
  Lines       37813    37547      -266     
===========================================
- Hits        35004    18953    -16051     
- Misses       2809    18594    +15785     

Flag	Coverage Δ
e2e	49.19% <100.00%> (+0.09%)	⬆️
integration	24.93% <42.85%> (+0.01%)	⬆️
unit	?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.