orchestrate.py

* separated non-interactive script (password generated by default), no users from puppet
* image user update in puppet still needed
* explicit image user setup in deployment stage
* no example users
* explain in the documentation