When a user signs in with phone authentication,
there is no password to reset. The system sends them an OTP,
and if that expires you can send another one.
If you want them to re-sign in with their phone number,
you can send them a new OTP with the same API
as with which you sent the OTP the first time: verifyPhoneNumber.
If the user signed in with email+password (too),
you can send a password reset email through sendPasswordResetEmail.