Password expiry policy

In some security contexts, a password expiry policy can be mandatory.

This concept is took care of in the ldap ppolicy draft, and is already supported in Canaille if the LDAP backend is used.

For other backends like SQL though, this might be done manually. The password management SCIM draft can serve as a base for the data model.

Note that there are several scenarios of password expiry:

• planned password expiry
• password expiry due to inactivity

This feature should be disabled by default due to the poor user experience it implies.