edx-documentation
Change password validator configuration to be secure
Investigating a security issue on a bank's site led me to this project. The password policy defined in the lms.yml configuration file appears to cause numerous production systems to allow passwords of length 2. This is because developers apparently fail to override the `min_length: 2` validator option in production.
See also password.rst:

```yaml
AUTH_PASSWORD_VALIDATORS:
  - NAME: django.contrib.auth.password_validation.UserAttributeSimilarityValidator
  - NAME: common.djangoapps.util.password_policy_validators.MinimumLengthValidator
    OPTIONS:
      min_length: 2
```
Although it is not really the responsibility of this project, I suggest changing this value to conform to current password policy recommendations. For example, regarding password length, NIST says a minimum of 8, Microsoft says a minimum of 12, and OWASP says a minimum of 8 in some places.
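The following is an added example, not code from edx-platform or from the issue author, showing how an operator could audit the loaded `AUTH_PASSWORD_VALIDATORS` setting for the weak `min_length` described above and compare what the weak and a hardened configuration accept. It does not import Django: the `MinimumLengthValidator` and `ValidationError` classes are stand-ins that mirror the `validate()`-raises contract of Django's validator (an assumption about the exact message text, not about the behaviour), the two validator lists are constructed samples in the shape Django sees once lms.yml is loaded, and the audit threshold of 8 is the NIST floor quoted in the issue.

```python
"""Audit AUTH_PASSWORD_VALIDATORS for a weak MinimumLengthValidator.

Added example. The validator classes below are stand-ins (assumption) that
follow the validate()/ValidationError contract of
django.contrib.auth.password_validation without importing Django.
"""

# Dotted paths that implement a minimum-length check: Django's own and the
# edx-platform one referenced in the issue.
MIN_LENGTH_VALIDATORS = (
    "django.contrib.auth.password_validation.MinimumLengthValidator",
    "common.djangoapps.util.password_policy_validators.MinimumLengthValidator",
)

# Django's MinimumLengthValidator defaults to 8 when no OPTIONS are given.
DJANGO_DEFAULT_MIN_LENGTH = 8

# NIST floor quoted in the issue; the audit treats anything lower as a finding.
NIST_MIN_LENGTH = 8

# Constructed sample: the weak configuration from the issue, as loaded settings.
WEAK_VALIDATORS = [
    {"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"},
    {"NAME": "common.djangoapps.util.password_policy_validators.MinimumLengthValidator",
     "OPTIONS": {"min_length": 2}},
]

# Constructed sample: the same list with min_length raised to the Microsoft
# figure (12) mentioned in the issue.
HARDENED_VALIDATORS = [
    {"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"},
    {"NAME": "common.djangoapps.util.password_policy_validators.MinimumLengthValidator",
     "OPTIONS": {"min_length": 12}},
]


class ValidationError(Exception):
    """Stand-in for django.core.exceptions.ValidationError."""


class MinimumLengthValidator:
    """Stand-in mirroring Django's MinimumLengthValidator: validate() raises
    ValidationError when the password is shorter than min_length."""

    def __init__(self, min_length=DJANGO_DEFAULT_MIN_LENGTH):
        self.min_length = min_length

    def validate(self, password, user=None):
        if len(password) < self.min_length:
            raise ValidationError(
                f"This password is too short. It must contain at least "
                f"{self.min_length} characters."
            )


def audit_password_validators(validators, required_min=NIST_MIN_LENGTH):
    """Return a list of findings for a loaded AUTH_PASSWORD_VALIDATORS list.

    Flags a MinimumLengthValidator whose effective min_length (explicit
    OPTIONS value, or Django's default of 8 when OPTIONS is absent) is below
    required_min, and flags a list with no length validator at all.
    """
    findings = []
    found = False
    for entry in validators:
        if entry.get("NAME") not in MIN_LENGTH_VALIDATORS:
            continue
        found = True
        effective = entry.get("OPTIONS", {}).get("min_length", DJANGO_DEFAULT_MIN_LENGTH)
        if effective < required_min:
            findings.append(
                f"min_length is {effective}; at least {required_min} is recommended"
            )
    if not found:
        findings.append("no MinimumLengthValidator configured")
    return findings


def password_accepted(validators, password):
    """Run the length validators from the list, as Django's validate_password()
    would, and report whether the password passes all of them."""
    for entry in validators:
        if entry.get("NAME") in MIN_LENGTH_VALIDATORS:
            validator = MinimumLengthValidator(**entry.get("OPTIONS", {}))
            try:
                validator.validate(password)
            except ValidationError:
                return False
    return True


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_VALIDATORS), ("hardened", HARDENED_VALIDATORS)):
        print(label, "findings:", audit_password_validators(cfg) or "none",
              "| accepts 'ab':", password_accepted(cfg, "ab"))
```

Running the module prints one line per configuration: the weak list is reported with `min_length is 2` and accepts the two-character password, while the hardened list yields no findings and rejects it. In a real deployment the same audit can be pointed at `django.conf.settings.AUTH_PASSWORD_VALIDATORS` after the production settings are loaded, which catches the case the issue describes: a default left unchanged in lms.yml rather than a value anyone chose deliberately.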