Hi @cwillum, thank you for following up on this, and here is a brief summary of some of the specific details of the password validation:
If the user enables the password strength feature, it will only apply to non-reserved internal users, which are the users created by the internal user API. These rules will not apply to reserved users.
The minimum password length required under these validation rules is 8.
The possible values for the strength of a valid password:
fair - very guessable password: protection from throttled online attacks
good - somewhat guessable password: protection from unthrottled online attacks
strong - safely unguessable password: moderate protection from offline slow-hash scenario
very_strong - very unguessable password: strong protection from offline slow-hash scenario
By default, the plugin always checks the strength of the password and its minimal length together with the regular expression if it's set.
What do you want to do?
Add documentation for support of score-based password verification using the zxcvbn library.
Tell us about your request.
Two new settings have been added to support this feature:
plugins.security.restapi.password_min_length
plugins.security.restapi.password_score_based_validation_strength
What other resources are available?
This issue is based on Security PR #2557.