Refactor password validity checking

Refactor password validity checking

Refactor the password checks to return a status object, so the function
can handle the entire error message, or return multiple error messages.

This patchset aims to keep the functionality identical. A followup
patchset can further improve the functionality. E.g., although
getPasswordValidity stated it could return an array of messages, it
never did so except from the hook, so most callers expect and handle a
single string.

Change-Id: I87644486f5572dc067ebdbacd01fb39c67e5612a