let uiHost be set by security question in admin init. Beef up language around security question.

[dceejay]

(force to 127.0.0.1 if no admin password)

• Bugfix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)

Proposed changes

This change beefs up the language about choosing a password... ie by adding
" DO NOT select No if you will expose Node-RED to the internet - or you will be hacked!"

If the user then still selects no it then changes the uiHost setting to be 127.0.0.1 so that only the local browser can connect and edit by default.

This only happens when you run node-red admin init - so won't affect existing users.

In parallel - The Pi install script will change to always run admin init if there is no settings file (IE a clean install) - so it should now be almost mandatory for new (Pi/debian/ubuntu) users to set an admin password...

Checklist

• I have read the contribution guidelines
• For non-bugfix PRs, I have discussed this change on the forum/slack team.
• I have run grunt to verify the unit tests pass
• I have added suitable unit tests to cover the new/changed functionality

[coveralls]

coverage: 81.563%. remained the same
when pulling e3cdfbd on add-uiHost-to-variables
into cdbd002 on master.