Move password quality check logic to new userdat.c function: check_pass()

sbbs_t::chkpass() now becomes just a thin wrapper around check_pass() and it
prints the reason for the failure or calls sbbs_t::trashcan().

I also refactored the code quite a bit: no more copying and uppercasing
(we have strcasestr() now!) and supports calling with a NULL user_t* as I
expect will be a use case.

This will allow us to expose the password quality checking algorithm to other
servers (e.g. the web server) that can be used to create new user accounts
with passwords that meet our quality bar.
e.g. via a newly created JS method: system.check_password()

Yes, we have bbs.good_password() already (and that still works fine), but
can't be used by non-terminal server code.