Define default password policy for sysaccounts
    
    cn=sysaccounts,cn=etc now has a default password policy to permit system
    accounts with krbPrincipalAux object class. This allows system accounts
    to have a keytab that does not expire.
    
    The "Default System Accounts Password Policy" has a minimum password
    length in case the password is directly modified with LDAP.
    
    Fixes: https://pagure.io/freeipa/issue/8276
    Signed-off-by: Christian Heimes <cheimes@redhat.com>
    Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>