Allow building with frequency lists outside of the source code.

[PaulGrandperrin]

Hello,
I'm building a web app (https://github.com/PaulGrandperrin/cachou) using your very cool library, here is my use-case:

• the app is distributed as a wasm module (built with https://github.com/yewstack/yew)
• the authentication is done with https://github.com/novifinancial/opaque-ke : meaning that my server-side code never ever sees the user's passwords
• this means that user password checking needs to be done client-side
• but I can't really use zxcvbn client-side because of its prohibitive compiled size:
  • my app's release mode wasm without zxcvbn: 1.4M uncompressed, 338K compressed with brotli
  • my app's release mode wasm with zxcvbn: 2.5M uncompressed, 753K compressed with brotli
• Even though my app is using 264 other crates, zxcvbn alone doubles its download time and probably wasm compilation time too.. But is only useful when a user is signing up or changing its password.

The best solution I see to this problem would be to allow building a version of this create (behind a feature flag) without the frequency lists in the source code, and then allow loading them at runtime.

This way, the ~400K of compressed lists would only be downloaded and processed when the client code needs them without affecting loading time and "time to interactivity" :-)

I'm sure it could even be done in a non-api breaking way.

I'm willing to investigate and propose a PR if this feels reasonable to you

[kjvalencik]

I have an identical need--trimming the size of WASM; however, I prefer not to ship the word list at all.

An alternate proposal is to have a feature flag that uses at a bloom filter for the common password set instead of a strict set match.

[stan-irl]

Also having this problem