Comment 8 for bug 1979570

Llewellyn Marshall (lbmarshallv) wrote :

I've worked through a lot of the changes suggested above along with one our clients had. Changes have been squashed into my commit on https://git.evergreen-ils.org/?p=working/Evergreen.git;a=shortlog;h=refs/heads/user/lew/lp-1979570-detect-password-age

1. Made my password updated hook into a passive one on my new FM_IDL class. This uses the user's Home OU as the context org.

2. Updated the event to use the passive hook & deleted the validator.

3. Renamed the library setting to auth.password_expire_age and put it in the sec group.

4. A client noticed you could get around the message by re-entering your password into the OPAC's password change screen. I've changed it so it will prevent you from updating your password using your current password.

I'm hesitant to get rid of the config.tt2 changes or modify the permission groups. In phase 2 of our project, we're tossing around the idea of creating a "password policy" object that would contain the password regex and other requirements such as the expiration age. These policies would be mapped to a permission group and org unit.