* config: Add minimum password complexity option
* PasswordManager: add function for checking if complexity is sufficient
* Enforce password complexity on registration, change and recovery
* cli: Use exit code 1 for weak passwords
This seems preferable to exit code 0, but ideally we should choose one
and document it.
* Expose minimum password complexity score over GraphQL
This should avoid loading the same files multiple times.
It should also make it easier to do post-processing on the
configuration, like validation.
This does deprecate one undocumented feature: the ability to override
some fields during the configuration generation using environment
variables.
