User routes needs to validate for weak vs strong passwords

[kaedub]

The current route will accept almost anything as a password. Implement some validation and even a system to measure the strength of passwords.

[PrismaPhonic]

This is typically done on the frontend (password "suggestions"). We could have some simple backend validation for length but beyond that there's not much evidence that a bunch of random characters makes something a "strong" password.