Fix CVE-2009-3548.

      When installing using defaults, don't create an administrative user with a blank password
Note: This is already public - it was discussed on the users list. The formal announcement will go out shortly.
The patch also includes making the Manager and Host-Manager applications separately selectable with the addition of an administrative user only enabled if one of the manager apps is selected

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@834047 13f79535-47bb-0310-9956-ffa450edef68