Fix changing user entity while a write is pending in some cases
Add "Use rejected password fragments in password meter" option (default disabled).
Take rejected password fragments into consideration when showing the password strength meter to the user. Security note: this makes the full list of rejected password fragments visible to end users; ensure that there aren't any sensitive password fragments before enabling.
Add new "User-group for compromised passwords" option, which adds uses to the selected user-group when it is detected they have a compromised password on login.
Defaults to disabled. Useful for targeting with notices