Add support for blacklisting common passwords
This changes the default config to not allow the top 25 passwords
to be used by Sysop/Crats. This should almost certainly be set to
a higher number, but I think its best to wait until after this is
comitted to argue over what the best value is.
I would expect that once this is comitted, there would be a config
change for wmf wikis, so that there is no change until this has
been discussed with the community.
The included common password file was generated from the first
10000 entries of
https://github.com/danielmiessler/SecLists/blob/master/Passwords/rockyou.txt?raw=true
10,000 was chosen based on csteipp's suggestion.
Change-Id: I26a9e8f2318a1eed33d7638b125695e8de3a9796