Previously the API did not correctly handle the force_random_password
option. It was not being treated as one of the 3 viable password-
setting options. This adds it as the 3rd, and fixes the test coverage,
which was not properly testing this use case.