Deprecation of password_autocomplete

Bug #1731853 reported by Nobuto Murata
Affects                                  Status  Importance  Assigned to  Milestone
OpenStack Dashboard (Horizon)            New     Undecided   Unassigned
OpenStack Security Guide Documentation   New     Undecided   Unassigned

Bug Description

Currently, Horizon tries to prevent browsers' username/password auto-completion by default.
https://github.com/openstack/horizon/blob/9adb63643778a779c571b4898b315b582bf8fba8/openstack_dashboard/local/local_settings.py.example#L130-L132

However, modern browsers have become more eager to auto-fill forms as a net gain[1], while preventing users' secrets from being filled in on insecure forms[2]. In these circumstances, blocking auto-filling does not offer much security gain. Is it time to deprecate the "password_autocomplete" switch, or at least to flip the default value?

To address the point in the security guide[3], the flaw described there exists regardless of the value of password_autocomplete. This is because password_autocomplete just hides the fake form with CSS, but the password is already filled in by the browser at the HTML level. The assumed other user already has the same privilege to see the saved password, since the password is saved regardless of the value of password_autocomplete.

[1] https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion#The_autocomplete_attribute_and_login_fields
> Even without a master password, in-browser password management is generally seen as a net gain for security. Since users do not have to remember passwords that the browser stores for them, they are able to choose stronger passwords than they would otherwise.
>
> For this reason, many modern browsers do not support autocomplete="off" for login fields

[2] https://developer.mozilla.org/en-US/Firefox/Releases/52#Security
> Autofill is also disabled on insecure login forms

[3] https://docs.openstack.org/security-guide/dashboard/checklist.html#check-dashboard-07-is-password-autocomplete-set-to-false
> it introduces a flaw, as the user account becomes easily accessible to anyone that uses the same account on the client machine
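The report argues that the decoy-form trick behind password_autocomplete changes only what is visible, not what the browser fills or stores. The following is an added audit helper, not Horizon's code and not part of the bug report: it parses a login page with the standard-library HTML parser and reports how many password inputs exist, how many are hidden by CSS, and whether every one of them carries autocomplete="off". The two form snippets are constructed for illustration of the "hidden fake form plus real form" layout the report describes; they are not Horizon's actual template, and the field names in them are assumptions.

```python
"""Audit a login page for password inputs, CSS-hidden decoys and autocomplete=off.

Added example for the discussion above; it is not Horizon's own code. The
sample markup at the bottom is constructed and the field names are assumed.
"""
from html.parser import HTMLParser

# Elements that never get a closing tag; they must not be pushed on the stack.
VOID_ELEMENTS = {"input", "br", "img", "meta", "link", "hr"}


class InputCollector(HTMLParser):
    """Collect every <input>, noting whether it or an ancestor is display:none."""

    def __init__(self):
        super().__init__()
        self.inputs = []
        self._stack = []        # (tag, hides_children) for open elements
        self._hidden_depth = 0  # >0 while inside a display:none / hidden element

    @staticmethod
    def _is_hidden(attrs):
        style = (attrs.get("style") or "").replace(" ", "").lower()
        return "display:none" in style or "hidden" in attrs

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        own_hidden = self._is_hidden(attrs)
        if tag == "input":
            self.inputs.append({
                "type": (attrs.get("type") or "text").lower(),
                "name": attrs.get("name") or "",
                "autocomplete": (attrs.get("autocomplete") or "").lower(),
                "hidden": own_hidden or self._hidden_depth > 0,
            })
            return
        if tag in VOID_ELEMENTS:
            return
        self._stack.append((tag, own_hidden))
        if own_hidden:
            self._hidden_depth += 1

    def handle_endtag(self, tag):
        # Pop up to and including the matching open tag, undoing hidden counts.
        while self._stack:
            open_tag, hides = self._stack.pop()
            if hides:
                self._hidden_depth -= 1
            if open_tag == tag:
                break


def audit_login_form(html):
    """Return counts a reviewer would check for the 'Check-Dashboard-07' item."""
    parser = InputCollector()
    parser.feed(html)
    passwords = [i for i in parser.inputs if i["type"] == "password"]
    hidden = [i for i in passwords if i["hidden"]]
    return {
        "password_fields": len(passwords),
        "visible_password_fields": len(passwords) - len(hidden),
        "hidden_password_fields": len(hidden),
        # True only when every password input opts out of autocomplete.
        "all_autocomplete_off": bool(passwords)
        and all(i["autocomplete"] == "off" for i in passwords),
        # A CSS-hidden password input is a decoy: it is still a real field to
        # the browser, which may fill it just like the visible one.
        "decoy_present": bool(hidden),
    }


# Constructed sample: a CSS-hidden decoy form in front of the real form
# (assumed layout and field names, not Horizon's template).
DECOY_FORM = """
<form method="post" action="/auth/login/">
  <div style="display: none;">
    <input type="text" name="fakeusername" autocomplete="off">
    <input type="password" name="fakepassword" autocomplete="off">
  </div>
  <input type="text" name="username" autocomplete="off">
  <input type="password" name="password" autocomplete="off">
  <button type="submit">Sign In</button>
</form>
"""

# Constructed sample: plain login form with browser autofill left enabled.
PLAIN_FORM = """
<form method="post" action="/auth/login/">
  <input type="text" name="username">
  <input type="password" name="password">
  <button type="submit">Sign In</button>
</form>
"""

if __name__ == "__main__":
    for label, markup in (("decoy", DECOY_FORM), ("plain", PLAIN_FORM)):
        print(label, audit_login_form(markup))
```

The helper only reports what the markup declares. As the MDN text quoted above notes, many browsers ignore autocomplete="off" on login fields, so `all_autocomplete_off` being True is evidence that the switch is set, not that credentials will stay out of the browser's password store.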
