🔒️(passwords) add HIBP password validator to catch more bad passwords

We set the "fail on error" to False for initial experiments.

src/backend/people/settings.py

@@ -965,6 +965,12 @@ class Production(Base):
         {
             "NAME": "django_zxcvbn_password_validator.ZxcvbnPasswordValidator",
         },
+        {
+            'NAME': 'django_hibp.HIBPPasswordValidator',
+            'OPTIONS': {
+                'fail_on_error': False,
+            }
+        },
     ]
 
     # For static files in production, we want to use a backend that includes a hash in

src/backend/pyproject.toml

@@ -42,6 +42,7 @@ dependencies = [
     "django-timezone-field>=5.1",
     "django-treebeard==4.7.1",
     "django-zxcvbn-password-validator==1.4.5",
+    "django-hibp==1.0",
     "django==5.1.8",
     "djangorestframework==3.16.0",
     "dockerflow==2024.4.2",