Support password validation

[morgo]

Feature Request

Is your feature request related to a problem? Please describe:

MySQL supports the ability to validate a password (for strength complexity, and against a dictionary file). I would like to see similar in TiDB.

Describe the feature you'd like:

The following sysvars should be implemented:

./sessionctx/variable/sysvar.go:        {ScopeGlobal, "validate_password_check_user_name", "OFF"},
./sessionctx/variable/sysvar.go:        {ScopeGlobal, "validate_password_number_count", "1"},
./sessionctx/variable/sysvar.go:        {ScopeGlobal, "validate_password_dictionary_file", ""},
./sessionctx/variable/sysvar.go:        {ScopeGlobal, "validate_password_special_char_count", "1"},
./sessionctx/variable/sysvar.go:        {ScopeGlobal, "validate_password_length", "8"},

The function VALIDATE_PASSWORD_STRENGTH should be implimented.

Describe alternatives you've considered:

N/A

Teachability, Documentation, Adoption, Migration Strategy:

MySQL compatible behavior.

[wjhuang2016]

I'm working on this feature, and I have a question that whether we need to consider utf-8 in password?

[morgo]

@wjhuang2016 great question! We should check how MySQL 8.0 behaves, and if rules like validate_password_length are based on byte or character count.

[wjhuang2016]

I tested with Mysql 8.0 and found that we need to consider utf-8.

1. validate_password_length bases on character count. The length of 你好 would be 2.
2. I'm not sure how upper、 lower or special is count.
   In select VALIDATE_PASSWORD_STRENGTH("你好13579A_"); the result is 100.
   It means that the password contains a lower character.

[dveeden]

@CbcWestwolf @lastincisor I think this is related to the other tickets about password validation isn't it?

[CbcWestwolf]

Yes, it's a requirement from our customer. I track it in another issue #38923