Enforce minimum password requirements

Created by: nicksnyder

Right now our built-in auth provider allows passwords as short as 1 character. I think we should enforce some minimum password length by default (e.g. 12 characters for sourcegraph.com) which is configurable per instance.

This is not urgent because there is no private code on sourcegraph.com and most customers use some form of SSO.

Assigning to @tsenart to triage.