Improve password management

[nadonomy]

Summary Today, password reset in Element behaves unexpectedly:

• Asking users to set their password before they validate their email address is an atypical journey they don't have affordance for
• We should validate password complexity requirements server side
• We should implement password complexity on all platforms (currently lacking on iOS & Android)
• We should prompt to log out other devices when rotating passwords

[manmis]

I hope I don't misunderstand the scope of this issue, but it should be possible to retain the session-ID to avoid re-verification of identities, if I understand the last point correctly. Users would not understand why they should verify their devices/encryption again only they changed the password. I'm refering here to point 4 to "prompt to log out other devices when rotating passwords".

[Julian-Dumitrascu]

Let's improve identification instead!