If the password auth type is enabled also enable the hardened policy
    
    This will allow custom hardened password policy to be applied.
    Without this then the policy will be skipped because the UA
    is not enabled.
    
    The KDC and client will prefer SPAKE any time it is available.
    For IPA this should mean we should choose hardened setting over a
    default one any time SPAKE is used.
    
    Related: https://pagure.io/freeipa/issue/9121
    
    Signed-off-by: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>