Increase the default complexity of Cloud SQL DB passwords (#2886)

* Increase the default complexity of DB passwords in order to meet password_validation_policy.default_complexity

* Use password_validation_policy.min_length if provided

* Explicitly generate a root_password if not provided

* Use object (password, random_password) for root_password config

* Make root_password non-nullable, and add validation against specifying both a password and `random_password`.
Fix test for stronger password generation.

* Add example for root_password and password_validation_policy

* Rerun tfdoc.py

---------

Co-authored-by: Julio Castillo <jccb@google.com>

modules/cloudsql-instance/variables.tf

@@ -249,9 +249,17 @@ variable "replicas" {
 }
 
 variable "root_password" {
-  description = "Root password of the Cloud SQL instance. Required for MS SQL Server."
-  type        = string
-  default     = null
+  description = "Root password of the Cloud SQL instance, or flag to create a random password. Required for MS SQL Server."
+  type = object({
+    password        = optional(string)
+    random_password = optional(bool, false)
+  })
+  default  = {}
+  nullable = false
+  validation {
+    condition     = !(var.root_password.password != null && var.root_password.random_password)
+    error_message = "Cannot provide root_password.password and root_password.random_password at the same time"
+  }
 }
 
 variable "ssl" {