When reseting password through portal_password, we should check new
password comply with policy.

Because user is not logged in at this stage, we expose a new method
`PasswordTool.analyzePassword` that checks the password is valid for
this reset key.