add user option to ignore password_regex

Heat's bug: https://storyboard.openstack.org/#!/story/2005210

Heat creates service users in its dedicated domain on the fly. These are crucial in situations that require deferred authentications, for example autoscaling.

There's a password_regex option in [security_compliance] section in Keystone that enforces passwords to pass a certain regex, thus enforcing their strength.

However Heat has no way to generate random passwords for its users that will certainly pass any such regex set. In fact the problem of generating a random string from arbitrary regex is quite a non trivial one and for now solutions/libraries exist only when regex uses only a certain subset of a full regex spec.

When generating passwords for its domain users Heat creates quite a strong password (32 alphanum+special symbols), but still it may fail a custom regex set in Keystone.

It is proposed to add another user option (ignore_password_regex) similar to those already existing in Keystone to override the regex enforcement of the password for given user.