Limit the max number of PasswordPolicyErrors that are appended to PasswordPoliciesNotMet #16

@dhui

Not having a limit opens the door for a DoS attack if an organization has many password policies and an attacker crafts a password that fails them all. e.g. potentially unbounded memory allocated

Reported in https://hackerone.com/reports/2441029
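
One way to bound the error list described in this issue, as an added Go sketch that is not the project's own code. Only the name `PasswordPoliciesNotMet` comes from the issue; the `PasswordPolicy` interface, the struct fields, the `minLength` sample policy, `CheckPolicies` and the cap of 5 are assumptions made for illustration.

```go
package main

import "fmt"

const maxPolicyErrors = 5 // hypothetical cap; the issue names no value

type PasswordPolicy interface{ Check(password string) error } // assumed, not the project's API

// PasswordPoliciesNotMet borrows the issue's name; its fields are assumed.
type PasswordPoliciesNotMet struct {
	Errors    []error // never more than maxPolicyErrors entries
	Truncated bool    // further failures existed but were not recorded
}

func (e *PasswordPoliciesNotMet) Error() string {
	return fmt.Sprintf("%d policy errors (truncated=%t)", len(e.Errors), e.Truncated)
}

type minLength int // constructed sample policy (byte length, for brevity)
func (m minLength) Check(pw string) error {
	if len(pw) < int(m) {
		return fmt.Errorf("password shorter than %d bytes", int(m))
	}
	return nil
}

// CheckPolicies stops recording and evaluating once the cap is reached.
func CheckPolicies(pw string, policies []PasswordPolicy) error {
	failed := &PasswordPoliciesNotMet{}
	for _, p := range policies {
		if err := p.Check(pw); err != nil {
			if len(failed.Errors) == maxPolicyErrors {
				failed.Truncated = true
				break
			}
			failed.Errors = append(failed.Errors, err)
		}
	}
	if len(failed.Errors) == 0 {
		return nil // untyped nil keeps callers' err != nil checks correct
	}
	return failed
}

func main() {
	policies := make([]PasswordPolicy, 1000) // constructed: "short" fails all
	for i := range policies {
		policies[i] = minLength(100 + i)
	}
	fmt.Println(CheckPolicies("short", policies))
}
```

The `Truncated` flag lets a caller tell the user that more policies failed than are listed, without the list growing with the number of configured policies.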
