Backend work to support minimum password complexity (#2965)

* config: Add minimum password complexity option

* PasswordManager: add function for checking if complexity is sufficient

* Enforce password complexity on registration, change and recovery

* cli: Use exit code 1 for weak passwords

This seems preferable to exit code 0, but ideally we should choose one
and document it.

* Expose minimum password complexity score over GraphQL

frontend/schema.graphql

@@ -1388,6 +1388,12 @@ type SiteConfig implements Node {
   """
   passwordChangeAllowed: Boolean!
   """
+  Minimum password complexity, from 0 to 4, in terms of a zxcvbn score.
+  The exact scorer (including dictionaries and other data tables)
+  in use is <https://crates.io/crates/zxcvbn>.
+  """
+  minimumPasswordComplexity: Int!
+  """
   The ID of the site configuration.
   """
   id: ID!

frontend/src/gql/graphql.ts

@@ -1022,6 +1022,12 @@ export type SiteConfig = Node & {
   id: Scalars['ID']['output'];
   /** Imprint to show in the footer. */
   imprint?: Maybe<Scalars['String']['output']>;
+  /**
+   * Minimum password complexity, from 0 to 4, in terms of a zxcvbn score.
+   * The exact scorer (including dictionaries and other data tables)
+   * in use is <https://crates.io/crates/zxcvbn>.
+   */
+  minimumPasswordComplexity: Scalars['Int']['output'];
   /** Whether passwords are enabled and users can change their own passwords. */
   passwordChangeAllowed: Scalars['Boolean']['output'];
   /** Whether passwords are enabled for login. */

frontend/src/gql/schema.ts

@@ -2554,6 +2554,17 @@ export default {
             },
             "args": []
           },
+          {
+            "name": "minimumPasswordComplexity",
+            "type": {
+              "kind": "NON_NULL",
+              "ofType": {
+                "kind": "SCALAR",
+                "name": "Any"
+              }
+            },
+            "args": []
+          },
           {
             "name": "passwordChangeAllowed",
             "type": {