Support minimum zxcvbn score as a password policy
Feature Description
Currently, if you try to register with the password "password", Authorizer says the following:
password is not valid. It needs to be at least 6 characters long and contain at least one number, one uppercase letter, one lowercase letter and one special character
This password policy doesn't actually promote secure passwords. Consider the feedback from zxcvbn:
Your password was exposed by a data breach on the Internet.
Suggestions:
- Add more words that are less common.
- If you use this password elsewhere, you should change it.
Authorizer currently permits this password: passworD12!. zxcvbn gives it a score of 0, noting that it would only take five hours to crack at 100 guesses per hour.
Describe the solution you'd like
It would be great to be able to define a minimum zxcvbn score for passwords, such as MINIMUM_ZXCVBN_SCORE=3 defined in the environment.
Additional context
zxcvbn is a library originally implemented by Dropbox designed to provide feedback and scores for passwords. Its design is inspired by password crackers. It also supports checking for patterns matching user input, e.g., their name or email address.
Online demo of zxcvbn: https://zxcvbn-ts.github.io/zxcvbn/demo/
Go implementation of zxcvbn: https://github.com/nbutton23/zxcvbn-go
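An added example (not Authorizer's code, and not zxcvbn-go itself) of how the proposed MINIMUM_ZXCVBN_SCORE setting could be wired in Go: the setting is parsed and bounds-checked, the password is scored together with the user's email and name as zxcvbn user inputs, and the result is compared against the minimum. The scorer is a constructed stand-in that reproduces the breach-list verdict for the two passwords quoted above; the function names, the 0-4 range and the error wording are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
)

// ParseMinScore reads MINIMUM_ZXCVBN_SCORE: unset means 0 (policy off, every password
// scores at least 0); junk or out-of-range values fail at startup rather than weaken it.
func ParseMinScore(raw string) (int, error) {
	if raw == "" {
		return 0, nil
	}
	if n, err := strconv.Atoi(raw); err == nil && n >= 0 && n <= 4 {
		return n, nil
	}
	return 0, fmt.Errorf("MINIMUM_ZXCVBN_SCORE must be an integer 0-4, got %q", raw)
}

// ValidatePassword enforces the minimum score; score has zxcvbn's shape (0 weakest..4 plus
// feedback) and would wrap zxcvbn.PasswordStrength in Authorizer. Email and name are user inputs.
func ValidatePassword(score func(string, []string) (int, []string), minScore int, password, email, name string) error {
	if s, fb := score(password, []string{email, name}); s < minScore {
		return fmt.Errorf("password is not valid: score %d is below the required %d. %s", s, minScore, strings.Join(fb, " "))
	}
	return nil
}

// constructedScorer is a demo stand-in, not zxcvbn: the issue's two passwords score 0, a password containing a user input 1, all else 4.
func constructedScorer(password string, userInputs []string) (int, []string) {
	if password == "password" || password == "passworD12!" {
		return 0, []string{"Your password was exposed by a data breach on the Internet."}
	}
	for _, in := range userInputs {
		if in != "" && strings.Contains(strings.ToLower(password), strings.ToLower(in)) {
			return 1, []string{"Avoid words taken from your name or email address."}
		}
	}
	return 4, nil
}

func main() {
	minScore, err := ParseMinScore(os.Getenv("MINIMUM_ZXCVBN_SCORE")) // e.g. MINIMUM_ZXCVBN_SCORE=3
	if err != nil {
		panic(err)
	}
	fmt.Println(ValidatePassword(constructedScorer, minScore, "passworD12!", "alice@example.com", "Alice"))
}
```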
@knpwrs thank you for creating this issue, will definitely try to add it in upcoming releases.