signebedi / libreforms-fastapi

FastAPI implementation of the libreForms spec
GNU Affero General Public License v3.0

Improve default password policy #349

Closed signebedi closed 2 months ago

signebedi commented 2 months ago

The default password policy, reproduced below, limits the special characters that will be accepted:

```python
import os

# Default policy: 8+ chars, at least one lowercase, one uppercase, one digit and one
# symbol from the fixed list in the character class; nothing outside that class is allowed.
PASSWORD_REGEX: str = os.getenv('PASSWORD_REGEX', r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*()_+[\]{};\'\\:"|,.<>/?])[A-Za-z\d!@#$%^&*()_+[\]{};\'\\:"|,.<>/?]{8,}$')
# User-facing message; note it lists fewer symbols than the regex above actually accepts.
PASSWORD_HELPER_TEXT: str = os.getenv('PASSWORD_HELPER_TEXT', "Password must be 8+ characters, must include at least one uppercase letter, at least one lowercase letter, at least one number, and at least one of the following symbols: ! @ $ % & * ?")
```

We should, I think, permit a wider range of special characters.

Additionally, the create_user and change_password Jinja2 templates hardcode the password message and regex, despite these being available in the application config. There is probably an issue converting a regex from a raw Python string to a JavaScript regex / string literal. We should address this as part of this issue, too, so that the front-end regex / message is the same as the back-end.

signebedi commented 2 months ago

[bug] Forgot password confirmation does not test for regexes

The Jinja2 templates for create_user and change_password assess passwords against a regex. But, the forgot_password_confirm template does not. This seems to have been an expediency, which we need to fix now.
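The three points raised in this thread (a wider symbol set, a regex and helper text that cannot drift apart between Python and the JavaScript in the templates, and one password check that every flow including forgot_password_confirm has to go through) can be handled from a single source of truth. The following is an added example written for this page, not code from libreforms-fastapi; the symbol set (all printable ASCII punctuation), the function names and the `new RegExp(...)` rendering approach are assumptions, not the project's API.

```python
import json
import re
import string

# Constructed policy values for this example (assumption: the project's real
# defaults come from its config; these are not them). Every printable ASCII
# punctuation character counts as a symbol, i.e. the "wider range" the issue asks for.
MIN_LENGTH = 8
SYMBOLS = string.punctuation  # !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~


def _class_escape(chars: str) -> str:
    """Escape a symbol list for use inside a regex character class.

    Only backslash, the brackets, '^' and '-' carry meaning inside a class, and
    the escapes emitted here are valid in both Python's re and JavaScript's
    RegExp (without the 'u' flag), so one pattern string serves both ends.
    """
    return "".join("\\" + c if c in "\\[]^-" else c for c in chars)


def build_password_regex(min_length: int = MIN_LENGTH, symbols: str = SYMBOLS) -> str:
    """Policy regex: one lowercase, one uppercase, one digit, one symbol, and no
    character outside those classes, at least min_length long."""
    sym = _class_escape(symbols)
    return (
        rf"^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[{sym}])"
        rf"[A-Za-z\d{sym}]{{{min_length},}}$"
    )


def build_helper_text(min_length: int = MIN_LENGTH, symbols: str = SYMBOLS) -> str:
    """Derive the user-facing message from the same values as the regex, so the
    listed symbols cannot drift from what the regex accepts."""
    return (
        f"Password must be {min_length}+ characters, must include at least one "
        f"uppercase letter, at least one lowercase letter, at least one number, "
        f"and at least one of the following symbols: {' '.join(symbols)}"
    )


def validate_password(password: str, regex: str = build_password_regex()) -> bool:
    """Single server-side check shared by every flow that sets a password
    (create user, change password, forgot-password confirmation).

    re.fullmatch is used on purpose: with re.match, the trailing '$' would still
    accept a password that ends in a newline, which fullmatch rejects.
    """
    return re.fullmatch(regex, password) is not None


def js_regexp_expression(regex: str) -> str:
    """Render the Python pattern as a JavaScript expression for a template.

    json.dumps yields a valid JS string literal (backslashes doubled, quotes
    escaped), so `new RegExp(<literal>)` rebuilds the identical pattern on the
    client instead of a hand-copied version that can drift from the config.
    """
    return f"new RegExp({json.dumps(regex)})"


def symbols_in_helper_text(helper_text: str) -> set:
    """Parse the symbol list back out of a helper text for a consistency check."""
    listed = helper_text.rsplit("symbols:", 1)[1]
    return set(listed.split())


def policy_is_consistent(symbols: str = SYMBOLS, helper_text: str = None) -> bool:
    """True when the helper text lists exactly the symbols the regex accepts.
    Running this at startup on the configured regex/helper-text pair catches
    the mismatch the issue describes before a user ever sees it."""
    if helper_text is None:
        helper_text = build_helper_text(symbols=symbols)
    return symbols_in_helper_text(helper_text) == set(symbols)


if __name__ == "__main__":
    regex = build_password_regex()
    print(regex)
    print(js_regexp_expression(regex))
    # Constructed sample candidates, not real credentials.
    for candidate in ("Passw0rd!", "Passw0rd~", "passw0rd!", "Passw0rd!\n"):
        print(repr(candidate), validate_password(candidate, regex))
```

In a Jinja2 template the output of `js_regexp_expression` can be emitted once into the page script (marked safe, since it is generated from config rather than user input) and used by every form, so the front-end and back-end checks are guaranteed to be the same pattern.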