Add Rule for passwords listed on haveivebeenpwnd

[elektro-wolle]

The rule should have the following configuration-parameters:

• URL to use (for local installed database)
• timeout
• failOnTimeout (should passwords be required to be checked against the service, even if the service is not available)
• allowFoundPasswords (don't know, if this is possible: Display a warning, that the password is easy to guess)

I'll issue an according PR with a sample implementation in the next days.