
Implement/improve approved password rules & strength scoring

As a developer, I want the frontend and backend to enforce the approved password requirements and 0-4 strength scoring, so that users see the correct strength, weak passwords are rejected, and the API returns a clear error code when a password is too weak.

Scope / Tasks

  1. activate-account/frontend

    • Integrate the chosen library/config (e.g. @zxcvbn-ts/core) and the approved mapping to scores 0-4.
    • Render strength bar (0-4), textual label, and concrete guidance from the requirements table.
    • Prevent submission if the password's score is below the approved minimum score (configurable).
    • Show inline validation messages and the minimum-score requirement.
    • Add e2e tests for strength display and blocking behaviour.
  2. activate-account/api


    • Add server-side password validation using the same algorithm/config.
    • Add new error response when password fails strength check: e.g. HTTP 422 with JSON { "error": "PASSWORD_TOO_WEAK", "minimum_score": <n>, "actual_score": <n>, "message": "Password does not meet minimum strength requirements" }.
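Worked example of the shared check and the 422 body described above. This is an added illustration, not the activate-account code; the minimum score of 3 and the `heuristicScore` stand-in are assumptions, and the service would replace the stand-in with `@zxcvbn-ts/core`'s `zxcvbn(password).score` so frontend and API use the same algorithm and config.

```javascript
// Added example (not project code). heuristicScore is an assumed stand-in
// for the real 0-4 scorer (@zxcvbn-ts/core) so this runs offline.

const PASSWORD_POLICY = { minimumScore: 3 }; // configurable; assumed value

// Label per score bucket, shown next to the 0-4 strength bar.
const STRENGTH_LABELS = ['Very weak', 'Weak', 'Fair', 'Strong', 'Very strong'];

// Stand-in 0-4 scorer (assumption): rewards length and character variety.
function heuristicScore(password) {
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(password)).length;
  let score = 0;
  if (password.length >= 8) score++;
  if (password.length >= 12) score++;
  if (classes >= 3) score++;
  if (password.length >= 16 && classes === 4) score++;
  return Math.min(score, 4);
}

// Shared check: frontend uses it to block submit, API uses it to reject.
function checkPasswordStrength(password, policy = PASSWORD_POLICY, scorer = heuristicScore) {
  const score = scorer(password);
  return { ok: score >= policy.minimumScore, score, label: STRENGTH_LABELS[score] };
}

// API side: status + JSON body in the shape the ticket specifies.
function passwordResponse(password, policy = PASSWORD_POLICY, scorer = heuristicScore) {
  const result = checkPasswordStrength(password, policy, scorer);
  if (result.ok) return { status: 200, body: { ok: true, score: result.score } };
  return {
    status: 422,
    body: {
      error: 'PASSWORD_TOO_WEAK',
      minimum_score: policy.minimumScore,
      actual_score: result.score,
      message: 'Password does not meet minimum strength requirements',
    },
  };
}

// Constructed sample inputs: one weak, one strong.
console.log(JSON.stringify(passwordResponse('password')));
console.log(JSON.stringify(passwordResponse('Winter-Harbour-2024!')));
```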

Acceptance Criteria

  • Frontend shows strength 0-4 consistent with approved mapping and blocks submission when below minimum score.
  • Backend validates password strength and returns HTTP 422 with error code PASSWORD_TOO_WEAK and minimum_score/actual_score in response.
Edited by Eugene E.