I would like users who originally signed up with a social account such as Google or Twitter to be able to optionally enable login using an email and password. Is this something that can be done without creating a second account and linking them together?
The answer to the question in the title is yes, you can have an email/password credentials identity associated with a user that originally authenticated with a social connection.
However, the current process to achieve a end-user account that has two associated identities that can both be used to login into that account is the one you’re trying to avoid. In particular, you would create a email/password user and then link the accounts; the linking process would mean you would transform two end-user accounts into a single one that has two identities. What are you trying to avoid by wanting to use a different process?