hack4impact / flask-base

A simple Flask boilerplate app with SQLAlchemy, Redis, User Authentication, and more.
http://hack4impact.github.io/flask-base
MIT License

Add password requirements #12

Closed sandlerben closed 8 years ago

sandlerben commented 8 years ago

@aharelick said "Agree with max and the suggestions from OWASP say we should make the minimum 8 characters. They also say that the recommendations may be out of date, but I think it's a good place to start. Also, we should probably add the validator to RegistrationForm and ResetPasswordForm and ChangePasswordForm."

maxmcc commented 8 years ago

While we're thinking about this, it might be best to use a password entropy estimator rather than a minimum required length—this one developed by Dropbox might be good to try out.

abhisuri97 commented 8 years ago

37 fix implementing the zxcvbn password check entropy estimator (JavaScript, not Python, so users can have a live response for password strength)
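
A server-side counterpart to the checks discussed in this thread, as an added example that is not part of the issue or of the flask-base code: a WTForms-style validator that enforces the 8-character minimum plus an optional strength score, so one object can be reused on RegistrationForm, ResetPasswordForm and ChangePasswordForm even when the browser-side meter is skipped. The class name, the `min_score` threshold of 3 and the stand-in scorer are assumptions; the Python `zxcvbn` package can be passed in as the scorer where it is installed.

```python
from types import SimpleNamespace

try:
    from wtforms.validators import ValidationError
except ImportError:  # fallback so the example runs without WTForms installed
    class ValidationError(ValueError):
        pass


class PasswordRequirements:
    """WTForms-style validator (hypothetical name): callable(form, field)."""

    def __init__(self, min_length=8, min_score=3, scorer=None):
        self.min_length = min_length  # 8 is the minimum proposed in this issue
        self.min_score = min_score    # assumed threshold on zxcvbn's 0-4 score
        self.scorer = scorer          # callable(password) -> int, or None

    def __call__(self, form, field):
        password = field.data or ""
        if len(password) < self.min_length:
            raise ValidationError(
                f"Password must be at least {self.min_length} characters.")
        if self.scorer is not None and self.scorer(password) < self.min_score:
            raise ValidationError("Password is too easy to guess.")


def zxcvbn_scorer(password):
    """Score with the Python zxcvbn package (imported lazily; optional)."""
    from zxcvbn import zxcvbn
    return zxcvbn(password)["score"]


def toy_scorer(password):
    """Constructed stand-in for a real estimator, used only for the demo."""
    return 0 if password.lower() in {"password1", "qwertyuiop"} else 4


def validate_password(password, validator):
    """Run the validator as a form would; return the error text or None."""
    try:
        validator(form=None, field=SimpleNamespace(data=password))
    except ValidationError as exc:
        return str(exc)
    return None


# In the forms named in the issue, the same instance would be listed in the
# password field's validators, e.g. validators=[InputRequired(), POLICY].
POLICY = PasswordRequirements(scorer=toy_scorer)
```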