Use random passwords in specs

Our specs use static passwords, many of them are weak. Ideally there would be no way in our codebase to set static passwords, even for test purposes.

We should adopt a pattern where we generate a random password in a before or let block, and then use that value in subsequent tests.

The first MR, Remove weak and/or hardcoded user passwords fro... (!92845 - closed), was too big, so we will break it out into smaller MRs:

• Remove a small number of hardcoded passwords in... (!92959 - merged)
  • ee/spec/controllers/trial_registrations_controller_spec.rb
  • ee/spec/features/users/login_spec.rb
  • spec/controllers/admin/users_controller_spec.rb
  • spec/controllers/profiles_controller_spec.rb
  • spec/controllers/registrations_controller_spec.rb
  • spec/features/users/login_spec.rb
  • spec/support/helpers/login_helpers.rb
• Remove a small number of hardcoded passwords in... (!93059 - merged)
  • ee/spec/requests/api/merge_request_approvals_spec.rb
  • ee/spec/requests/api/scim_spec.rb
  • ee/spec/requests/api/users_spec.rb
  • spec/requests/api/users_spec.rb
• Remove a small number of hardcoded passwords in... (!93060 - merged)
  • ee/spec/features/merge_request/user_approves_with_password_spec.rb
  • ee/spec/features/trial_registrations/signin_spec.rb
  • spec/features/admin/admin_appearance_spec.rb
  • spec/features/profile_spec.rb
  • spec/features/profiles/password_spec.rb
• Remove a small number of hardcoded passwords in... (!93062 - merged)
  • ee/spec/services/ee/users/create_service_spec.rb
  • ee/spec/services/ee/users/update_service_spec.rb
  • ee/spec/services/merge_requests/approval_service_spec.rb
  • spec/services/users/create_service_spec.rb
  • spec/services/users/update_service_spec.rb
• Remove a small number of hardcoded passwords in... (!93063 - merged)
  • db/fixtures/development/18_abuse_reports.rb
  • lib/tasks/gitlab/seed/group_seed.rake on 2nd thought this spec doesn't need the change I suggested; it uses Devise.friendly_token instead of User.random_password, but close enough.
  • spec/tasks/gitlab/password_rake_spec.rb
  • spec/mailers/emails/profile_spec.rb
  • spec/models/hooks/system_hook_spec.rb
  • spec/channels/application_cable/connection_spec.rb
• Remove hardcoded passwords in Gitlab::Auth specs (!93069 - merged)
  • spec/lib/gitlab/auth_spec.rb
• Remove hardcoded passwords in user model specs (!93068 - merged)
  • spec/models/user_spec.rb
• Set a random password in the User Factory (!93635 - merged)
  • TODO last. Once everything is calling user.password updating the factory (which hardcodes to 12345678) shouldn't break any specs. (Narrator: it did).
  • spec/factories/users.rb