fix: improve pw validation without js

[jennifer-richards]

Fixes issues with poor / absent feedback about rejected passwords when passwords are reset, changed, or initially created in a browser with javascript disabled.

It's tempting to go on a deeper dive refactoring the password forms, but I think this is a sensible stopping point. This will need more serious work when we move to an external auth system and/or migrate to Django 5.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 88.73%. Comparing base (0197e44) to head (7326422).
Report is 14 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #9113      +/-   ##
==========================================
- Coverage   88.75%   88.73%   -0.02%     
==========================================
  Files         321      321              
  Lines       41851    41853       +2     
==========================================
- Hits        37143    37140       -3     
- Misses       4708     4713       +5     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.