security,sql: add a setting to constrain the minimum password length

[knz]

Requested by @bdarnell.

First commit from #51501.

This change adds a new cluster setting
server.user_login.min_password_length. When set and non-zero, it
forces a minimum password length to passwords passed in cleartext to
the SQL WITH PASSWORD clause (CREATE/ALTER USER/ROLE).

This change is part of a larger set of security measures to help
the secure deployment of Cockroach Cloud. We are not yet planning
to advertise this to on-prem users until the feature matures and
is complemented by additional enhancements to password authentication.

cc @solongordon @thtruo @aaron-crl for visibility.

[cockroach-teamcity]

This change is 

[RichardJCai]

Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @knz and @RichardJCai)

---

pkg/security/password.go, line 84 at r2 (raw file):

// MinPasswordLength is the cluster setting that configures the
// minimum SQL password length.
var MinPasswordLength = settings.RegisterIntSetting(

I think RegisterNonNegativeIntSetting makes a little more sense here even though it doesn't actually change the behaviour. LGTM otherwise

[knz]

Reviewable status: complete! 0 of 0 LGTMs obtained (waiting on @RichardJCai)

---

pkg/security/password.go, line 84 at r2 (raw file):

Previously, RichardJCai (Richard Cai) wrote…

I think RegisterNonNegativeIntSetting makes a little more sense here even though it doesn't actually change the behaviour. LGTM otherwise

Done.

[knz]

bors r=RichardJCai

[knz]

cc @joshimhoff for eventual deployment in CC

[knz]

bors r-

[craig]

Canceled

[knz]

bors r=RichardJCai

[knz]

bors r-

[craig]

Canceled

[knz]

bors r=RichardJCai

[craig]

Canceled (will resume)

[craig]

Build succeeded

• GitHub CI (Cockroach)