Password should not be stored in the database
This is a security issue.
The password should be hashed and salted before storing it in the database.
Maybe we should also the reset password from @WebServlet("/api/admin/user") endpoint on the GET request.
Admin should only be allowed to submit a new password like already implemented in the PUT request.