Make users explicitly opt-in to admins accessing their account

And then only allow admins to log in as the user if the user has checked that box.

This could help a bit with all the caveats in the README, as it forces admins to keep users in-the-know.
