[TASK] Prevent password policy warning in BackendUserPasswordCheck

The dataHandler hook implementation `BackendUserPasswordCheck` sets
a random password for a new backend user, if the provided password
is empty in `$incomingFieldArray`. The generated password is a
random HMAC string, which does not fulfill the requirements of
the default TYPO3 password policy. As a result, a password policy
warning is shown.

This change ensures, that the generated random password at least
fulfills the default TYPO3 password policy.

Resolves: #103138
Releases: main, 12.4
Change-Id: I20ef7c5958d539533cc76ca41c4cc7b5ab07e594
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82986


Tested-by: core-ci <typo3@b13.com>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Oliver Bartsch <bo@cedev.de>

typo3/sysext/core/Classes/Hooks/BackendUserPasswordCheck.php

@@ -29,10 +29,7 @@ use TYPO3\CMS\Core\Utility\MathUtility;
  */
 class BackendUserPasswordCheck
 {
-    /**
-     * @var Random
-     */
-    protected $random;
+    protected Random $random;
 
     public function __construct()
     {
@@ -58,7 +55,12 @@ class BackendUserPasswordCheck
             return;
         }
         if (!isset($incomingFieldArray['password']) || (string)$incomingFieldArray['password'] === '') {
-            $incomingFieldArray['password'] = GeneralUtility::hmac($id, $this->random->generateRandomBytes(20));
+            $incomingFieldArray['password'] = $this->random->generateRandomPassword([
+                'lowerCaseCharacters' => true,
+                'upperCaseCharacters' => true,
+                'digitCharacters' => true,
+                'specialCharacters' => true,
+            ]);
         }
         if (!isset($incomingFieldArray['username']) || (string)$incomingFieldArray['username'] === '') {
             $incomingFieldArray['username'] = 'autogenerated-' . md5($id);