Restrict password alphabet to SASLprep-safe ASCII subset

Prior to this change user passwords were not validated on change aside from their length, but validated on login/bind by ldap3 with SASLprep. Instead of using SASLprep on password change, this change restricts passwords to 7-bit ASCII without control characters. Control characters are forbidden by SASLprep. Multi-byte characters are uncommon in password, especially in those generated by password managers. This ensures that passwords are always SASLprep-safe without implementing the rather complex SASLprep algorithm. It also allows us to fully describe the alphabet restrictions in the relevant forms.

Fixes #100 (closed)