start-domain needs to be enhanced to optionally require an admin password to be set at startup if no admin password has been configured on the domain.
The proposed way to implement this is to define a magic token that when set in the admin-keyfile for the admin password hash means that the user is required to set a password before being able to start the domain.
For example the admin-keyfile may contain something like:
start-domain must detect the magic token "RESET" and prompt the user for an admin password.
If secure admin is enabled then it must require a non-null password.