* generic strenght meter widget which can be included in various
  places
* password field, taking over the isPassword special cases strewn
  throughout the codebase, this should probably become an actual thing
  in core /cc @ged-odoo, the meter is opt-in as most uses of
  `field[@password=True]` are passwords & secrets for third-party
  services or external servers for which a meter would not make sense
* separate override of the ChangePassword wizard which isn't a regular
  view for some reason
* direct implementation for signup pages (create user & reset password)

Skip/comment/remove existing testing of @password fields: the policy
replacement/augmentation needs to make an RPC call and does not
support readonly use (because it doesn't seem to be used anywhere so
that made sense?); and there currently is no way to augment or
override/replace existing tests, so the tests will either fail when
auth_password_policy is installed (current situation) or fail when
auth_password_policy is not installed (if updated to be compatible
with APP).