Update weak password verifier to V2

[pkoziol]

Troy Hunt just launched "Pwned Passwords" V2.

He recommends switching to the new domain:

Secondly, the existing API (that many people have created dependencies on!) still works just fine. It also points to the storage repository for V2 of the password set so it's now searching through the full half billion records. I'll leave this running for the foreseeable future, but if you are using it then I'd prefer you roll over to the endpoint on api.pwnedpasswords.com for the reasons mentioned above, and for these other reasons:

If you were using the original API via HTTP GET, rolling over to the new one changes absolutely nothing in your implementation other than the URL which will look like this:

GET https://api.pwnedpasswords.com/pwnedpassword/{password}

It'll still return HTTP 200 when a password is found and 404 when it's not.

But he also added new endpoint that improves user's anonymity by receiving only first 5 chars of the hash.

[JC5]

I saw, thanks for the reminder! I’ll try to write a new check for the next release. The API is giving me some head aches though so it might not make it to 4.7.1.

[JC5]

This is now implemented and will be released with 4.7.2