feat(security): enhance password strength validation with common password blocklist and entropy scoring#84

Open
tmrathod2003-alt wants to merge 2 commits into Hardhat-Enterprises:dev from tmrathod2003-alt:enhance-password-validation/titiksha

Conversation

@tmrathod2003-alt

Enhances the existing password strength validation in auth.validation.js to reject commonly used weak passwords that technically meet the basic rules but are still vulnerable to credential stuffing and brute force attacks. Adds a common password blocklist and entropy scoring to ensure users are forced to choose genuinely strong passwords.

Changes

  • Added COMMON_PASSWORDS blocklist of 20 frequently used weak passwords (e.g. "Password123!", "Admin@123") to auth.validation.js
  • Added calculateEntropy() function to measure true password randomness based on character pool size and length
  • Extended passwordSchema with two new refine checks — common password rejection and minimum entropy score of 50

Testing

  • Sent signup request with "Password123!" — rejected with 422 "Password is too common. Please choose a stronger password."
  • Sent signup request with "Tr0ub4dor&3xK9!" — passed password validation and proceeded to next stage
  • All original password checks (length, uppercase, lowercase, number, special character) remain intact
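The validation flow described in this PR, as an added example that is not the PR's own code: a plain Node.js validator rather than the project's zod `passwordSchema`. The blocklist entries are constructed samples, and the entropy formula (log2 of the estimated character pool times length) is an assumption about how `calculateEntropy()` in auth.validation.js works.

```javascript
// Constructed sample blocklist (the real list would be far larger).
// Stored lowercased so the lookup is case-insensitive.
const COMMON_PASSWORDS = new Set(
  ["Password123!", "Admin@123", "Welcome1!", "Qwerty123!", "Summer2024!"]
    .map((p) => p.toLowerCase())
);

const MIN_ENTROPY_BITS = 50; // threshold stated in the PR description

// Assumed model: pool size is the sum of the character classes actually used
// (lowercase 26, uppercase 26, digits 10, printable ASCII symbols 32), and
// entropy in bits is log2(pool) * length, rounded to one decimal.
function calculateEntropy(password) {
  let pool = 0;
  if (/[a-z]/.test(password)) pool += 26;
  if (/[A-Z]/.test(password)) pool += 26;
  if (/[0-9]/.test(password)) pool += 10;
  if (/[^a-zA-Z0-9]/.test(password)) pool += 32;
  if (pool === 0) return 0;
  return Math.round(Math.log2(pool) * password.length * 10) / 10;
}

// Ordered checks in the spirit of zod refine(): the first failing rule
// supplies the message returned to the client with the 422 response.
const PASSWORD_RULES = [
  { test: (p) => p.length >= 8, message: "Password must be at least 8 characters" },
  { test: (p) => /[A-Z]/.test(p), message: "Password must contain an uppercase letter" },
  { test: (p) => /[a-z]/.test(p), message: "Password must contain a lowercase letter" },
  { test: (p) => /[0-9]/.test(p), message: "Password must contain a number" },
  { test: (p) => /[^a-zA-Z0-9]/.test(p), message: "Password must contain a special character" },
  // Blocklist runs before entropy: "Password123!" scores well above 50 bits
  // under this model yet is still rejected, which is the point of the PR.
  { test: (p) => !COMMON_PASSWORDS.has(p.toLowerCase()),
    message: "Password is too common. Please choose a stronger password." },
  { test: (p) => calculateEntropy(p) >= MIN_ENTROPY_BITS,
    message: "Password is not random enough. Please choose a longer or more varied password." },
];

function validatePassword(password) {
  for (const rule of PASSWORD_RULES) {
    if (!rule.test(password)) return { ok: false, error: rule.message };
  }
  return { ok: true, entropyBits: calculateEntropy(password) };
}
```

Under this pool model an 8-character password that already satisfies the four class rules scores about 52 bits, so the 50-bit floor only rejects inputs the basic rules would also reject; whether the real `calculateEntropy()` penalises repeated characters or otherwise makes the threshold bind is worth confirming against the actual implementation.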
