fix: invalidate all sessions when password changes

Pretty simple check, we call `sessionManager.resetKey()` if the recovery code is provided. Either that's a new install or changing a password on an existing. either way it's a new session.

[ci skip]

Author: tegefaulkes

src/PolykeyAgent.ts

@@ -394,6 +394,9 @@ class PolykeyAgent {
           logger: logger.getChild(SessionManager.name),
           fresh,
         }));
+      // If a recovery code is provided then we reset any sessions in case the
+      //  password changed.
+      if (keyRingConfig.recoveryCode != null) await sessionManager.resetKey();
       grpcServerClient =
         grpcServerClient ??
         new GRPCServer({