pam: attempt to unlock login keyring for passwordless accounts
If an account has no password, pam_get_item (ph, PAM_AUTHTOK, &password) returns PAM_SUCCESS and sets password to NULL. In this case, we would previously not attempt to unlock the login keyring. Without this change, a passwordless account created after the first boot does not automatically get a login keyring, so launching an application (such as Chromium) which uses the login keyring causes the user to be prompted to create one. The stock version of gnome-control-center does not permit creating passwordless accounts, but there's nothing to stop an administrator creating one the old-fashioned way. Endless's fork of gnome-control-center adds UI to create passwordless accounts, which makes this situation more likely. Endless also patches gnome-initial-setup to allow creating the initial administrator account with no password, but that account doesn't hit this problem because gnome-initial-setup manually creates a keyring and sets its passphrase to "" when it's done. (This keyring is not unlocked at login, but it is silently unlocked when it's needed, which is equivalent from the user's perspective.)