pam: attempt to unlock login keyring for passwordless accounts

If an account has no password, pam_get_item (ph, PAM_AUTHTOK, &password)
returns PAM_SUCCESS and sets password to NULL. In this case, we would
previously not attempt to unlock the login keyring.

Without this change, a passwordless account created after the first boot
does not automatically get a login keyring, so launching an application
(such as Chromium) which uses the login keyring causes the user to be
prompted to create one.

The stock version of gnome-control-center does not permit creating
passwordless accounts, but there's nothing to stop an administrator
creating one the old-fashioned way.

Endless's fork of gnome-control-center adds UI to create passwordless
accounts, which makes this situation more likely. Endless also patches
gnome-initial-setup to allow creating the initial administrator account
with no password, but that account doesn't hit this problem because
gnome-initial-setup manually creates a keyring and sets its passphrase
to "" when it's done. (This keyring is not unlocked at login, but it is
silently unlocked when it's needed, which is equivalent from the user's
6 jobs for create-and-unlock-login-keyring-for-passwordless-accounts in 19 minutes and 16 seconds (queued for 24 minutes and 6 seconds)