users: Respect `enforcing` in `/etc/security/pwquality.conf`

Gnome Control Center uses libpwquality to check if a password is secure enough. The library has a file to configure the rules applied.

The enforcing key in that configuration file specifies whether the requirement is strictly enforced rather than a recommendation, as I understand. Given the password validation is already dependent on that configuration file, it probably makes sense to respect this setting.

The previous behavior was to always "enforce".