Multibyte support for PasswordLength constraint

Changes tested on Drupal Version 9.5.10 and Password Policy 4.0.0.
The minimum password length is set to 5 characters and aaa$ or tes£ passwords are failing the validation.
Without the patch those passwords are valid.

Assigning to myself as I'm reviewing/merging ready RTBC fixes/updates over the next few days.

Looks like we are missing a couple of places, but I can update these:

  public function validatePassword(string $password, UserInterface $user, array $edited_user_roles = []): PasswordPolicyValidationReport {
    // Stop before policy-based validation if password exceeds maximum length.
    if (strlen($password) > PasswordInterface::PASSWORD_MAX_LENGTH) {
      return TRUE;
    }

UPDATED: Looking at the code, I don't think this is necessary as it's removing zero character items from the array.

and perhaps: $blacklisted_passwords = array_filter($blacklisted_passwords, 'strlen');

I'll test this.

Actually, I think I'm wrong here. Core is using strlen:

core/lib/Drupal/Core/Password/PhpPassword.php:    if (strlen($password) > static::PASSWORD_MAX_LENGTH

so I'll change it back and add a comment.

Tested both min and max and it works as expected.

Since I didn't add logic, just a comment, back to RTBC. I'll get this merged.

Thanks everyone for the help on this issue. The fix has been merged and will be part of the next release.

This is part of the new 4.0.1 release.