fix: enforce password length and complexity in UserRegister schema #2224

Merged
janavipandole merged 1 commit into janavipandole:main from nyxsky404:fix/password-validation-user-register on Jun 13, 2026

Conversation

@nyxsky404 (Contributor) commented Jun 12, 2026

📄 Description

Adds server-side password validation to the UserRegister Pydantic schema so the POST /api/auth/register endpoint rejects weak passwords before they reach the bcrypt layer.

Rules enforced:

  • username: minimum 3 characters, maximum 30 characters
  • password: minimum 8 characters, maximum 128 characters
  • password must contain at least one uppercase letter (A–Z)
  • password must contain at least one digit (0–9)

UserLogin is intentionally unchanged — it only authenticates against what is already stored.

Files changed:

  • backend/app/schemas.py: added field_validator and re imports; applied Field constraints to username and password; added password_complexity validator on UserRegister

🔗 Related Issues

Fixes #2218

🧩 Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update

Verification & Testing

Local Verification

  • Built successfully locally
  • Console has zero errors or warnings

Devices/Browsers Tested

  • Chrome (Desktop)
  • Safari (Mobile)
  • Firefox

✅ Checklist

  • Code follows project styling guidelines
  • Changes are fully responsive and accessible
  • No extraneous logs or debug code left
  • Documentation updated accordingly
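The rules listed in the description, written out as an added illustration (not the project's own backend/app/schemas.py): a Pydantic v2 schema with Field length bounds plus a field_validator for the uppercase/digit requirement, and a small helper that reports which fields a registration payload fails on. Field names and the helper are assumptions for the example.

```python
# Added example, not the PR's code. Assumes Pydantic v2 and a UserRegister
# schema that carries only username and password (assumption).
import re

from pydantic import BaseModel, Field, ValidationError, field_validator


class UserRegister(BaseModel):
    # Field bounds are checked first; an "after" validator only runs on values
    # that already satisfied them, so over-long or too-short passwords never
    # reach the complexity check.
    username: str = Field(min_length=3, max_length=30)
    # 128 caps request size; bcrypt itself only uses the first 72 bytes.
    password: str = Field(min_length=8, max_length=128)

    @field_validator("password")
    @classmethod
    def password_complexity(cls, value: str) -> str:
        # Server-side complexity rules from the PR: one ASCII uppercase letter
        # and one ASCII digit. Both are reported if both are missing.
        problems = []
        if not re.search(r"[A-Z]", value):
            problems.append("at least one uppercase letter")
        if not re.search(r"[0-9]", value):
            problems.append("at least one digit")
        if problems:
            raise ValueError("password must contain " + " and ".join(problems))
        return value


def validate_registration(payload: dict) -> list[tuple[str, str]]:
    """Return (field, message) pairs for every rejected field; [] if accepted."""
    try:
        UserRegister.model_validate(payload)
        return []
    except ValidationError as exc:
        return [(".".join(str(p) for p in e["loc"]), e["msg"]) for e in exc.errors()]


if __name__ == "__main__":
    # Constructed sample payloads: one acceptable, three that must be rejected.
    for body in (
        {"username": "alice", "password": "Sturdy-Pass9"},
        {"username": "ab", "password": "Sturdy-Pass9"},
        {"username": "alice", "password": "short1A"},
        {"username": "alice", "password": "nouppercase1"},
    ):
        print(body["password"], "->", validate_registration(body) or "accepted")
```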

vercel (Bot) commented Jun 12, 2026

@nyxsky404 is attempting to deploy a commit to the janavipandole's projects Team on Vercel.

A member of the Team first needs to authorize it.

@nyxsky404 (Contributor, Author) commented

CI Failures — Pre-existing Repository Issues

The following failing checks are not caused by the changes in this PR. This PR only modifies Python backend files; none of the failures below involve those files.

| Check | Root Cause | Evidence |
| --- | --- | --- |
| validate | Prettier formatting errors in Cara-main/app.js (lines 4–68+). | This file is not touched by this PR and fails identically on every PR in the repo. Run `git log --oneline Cara-main/app.js` — the errors predate this branch. |
| link-checker | Missing asset files (images/logo.png, Cara-main/wishlist.html, etc.) referenced in existing HTML. | None of these paths are introduced or changed by this PR. All errors point to files outside backend/. |
| size-label | SyntaxError in the size-label-action workflow config (budgets.json format mismatch). Broken at the repo configuration level. | Error: `Unexpected token 'X', "XS: 0-20\nS"... is not valid JSON` |
| triage | .github/labeler.yml uses an unsupported format for actions/labeler@v5. | Error: `found unexpected type for label 'frontend' (should be array of config options)` |
| welcome | GitHub Actions token lacks `pull-requests: write` permission for this workflow. | Fails on every external contributor PR. |
| Vercel | Vercel deployment integration requires repo-level authorization that has not been granted. | "Authorization required to deploy." |

These need to be addressed at the repository infrastructure level by a maintainer and are unrelated to this contribution.

janavipandole merged commit 9dd97fc into janavipandole:main on Jun 13, 2026
10 of 17 checks passed


Development

Successfully merging this pull request may close these issues.

[SECURITY] UserRegister API accepts any password string — no length or complexity validation
