Check passwords against HaveIBeenPwned (#12716)

* Implement pwn

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Update module

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Apply suggestions mrsdizzie

Co-authored-by: mrsdizzie <info@mrsdizzie.com>

* Add link to HIBP

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Add more details to admin command

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Add context to pwn

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Consistency and making some noise ;)

Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: zeripath <art27@cantab.net>
John Olheiser 2020-09-08 17:06:39 -05:00 committed by GitHub
parent bea343ce09
commit c6e4bc53aa
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
22 changed files with 309 additions and 8 deletions


@ -433,7 +433,7 @@ REPO_INDEXER_TYPE = bleve
; Index file used for code search.
REPO_INDEXER_PATH = indexers/repos.bleve
; Code indexer connection string, available when `REPO_INDEXER_TYPE` is elasticsearch. i.e. http://elastic:changeme@localhost:9200
REPO_INDEXER_CONN_STR =
REPO_INDEXER_CONN_STR =
; Code indexer name, available when `REPO_INDEXER_TYPE` is elasticsearch
REPO_INDEXER_NAME = gitea_codes
@ -512,6 +512,8 @@ PASSWORD_COMPLEXITY = off
PASSWORD_HASH_ALGO = argon2
; Set false to allow JavaScript to read CSRF cookie
CSRF_COOKIE_HTTP_ONLY = true
; Validate against https://haveibeenpwned.com/Passwords to see if a password has been exposed
PASSWORD_CHECK_PWN = false
[openid]
;
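Review bot: The comment added above `PASSWORD_CHECK_PWN` names the service but does not tell an administrator what enabling the option implies: the instance must make outbound requests to a third party, and nothing here says what is transmitted or what happens when the lookup fails or times out. I would extend the comment, for example `; Enabling this makes the server query haveibeenpwned.com and requires outbound HTTPS access.`, and add one line stating what is sent. The HIBP Pwned Passwords range API is designed to receive only a short hash prefix, but the client code is not visible in this section, so confirm that against the module before documenting it. It is also worth stating whether an unreachable service rejects the password or lets it through, since that presumably decides whether the option becomes a hard dependency for any flow that sets a password. The default of `false` keeps the check opt-in, which suits instances without internet egress.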