Is there a way to trigger a notification email (to the user) in Cognito when that user's password is successfully changed?

Unfortunately, there is no way to do this. There is a limited set of triggers that you can link Lambdas to, but none of them fire when a user changes their password.

The closest you could get would be to use the Custom Email Sender lambda trigger, but that only fires for passwords when a user uses the "forgot password" feature.

The only workaround I can think of is to do user auth through a custom external SAML-based IdP, where you would have full control over password management and related triggers.