Add zxcvbn for realistic crack time estimates in password validation.

[san-rizz-777]

Contributor checklist

• This pull request is on a separate branch and not the main branch
• I have run the tests for the backend and frontend depending on what's needed for my changes as described in the testing section of the contributing guide

---

Description

This PR replaces generic password strength validation messages with realistic estimated crack times using the zxcvbn library. Instead of showing scores like "weak" or "strong", users now see how long it would take to crack their password (e.g., "3 hours", "centuries"), making password requirements more tangible and actionable.

Changes made:

• Integrated zxcvbn library for password strength analysis
• Updated validation logic to display estimated crack time for offline fast hashing scenario (1e10 per second)
• Enhanced error messages to include specific feedback suggestions from zxcvbn
• Added zxcvbn to requirements.in and requirements.dev.in
• Updated password validation in serializers.py

Testing:

• Ran ruff format ./backend - code formatted successfully
• Ran ruff check ./backend - linting passed
• Ran mypy ./backend --config-file ./backend/pyproject.toml - type checks passed
• Started Docker container and ran pytest - all tests passed

Related issue

• Change message about how strong the password is in auth routes to be how long it would take to crack the password #1549

[netlify]

✅ Deploy Preview for activist-org ready!

Name	Link
🔨 Latest commit	0a2c4b1
🔍 Latest deploy log	https://app.netlify.com/projects/activist-org/deploys/68e55b7e6035f100089dabc2
😎 Deploy Preview	https://deploy-preview-1560--activist-org.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[github-actions]

Thank you for the pull request! ❤️

The activist team will do our best to address your contribution as soon as we can. If you're not already a member of our public Matrix community, please consider joining! We'd suggest that you use the Element client as well as Element X for a mobile app, and definitely join the General and Development rooms once you're in. Also consider attending our bi-weekly Saturday developer syncs! It'd be great to meet you 😊

[github-actions]

Maintainer Checklist

The following is a checklist for maintainers to make sure this process goes as well as possible. Feel free to address the points below yourself in further commits if you realize that actions are needed :)

• The TypeScript, pytest and formatting workflows within the PR checks do not indicate new errors in the files changed

• The Playwright end to end and Zap penetration tests have been ran and are passing (if necessary)

• The changelog has been updated with a description of the changes for the upcoming release and the corresponding issue (if necessary)

[github-actions]

First PR Commit Check

• The commit messages for the remote branch of a new contributor should be checked to make sure their email is set up correctly so that they receive credit for their contribution
  • The contributor's name and icon in remote commits should be the same as what appears in the PR
  • If there's a mismatch, the contributor needs to make sure that the email they use for GitHub matches what they have for git config user.email in their local activist repo (can be set with git config --global user.email "GITHUB_EMAIL")

[andrewtavis]

Thanks for the PR, @san-rizz-777! We'll try to get to the review in the coming days :) Could you remove the yarn.lock file that looks to be included by mistake though?

[AlankarJagtap]

hello, i am looking for any contributions. is there something i can help with?