discourage hexdigits in password lookup (#73106)

* actually add new docs

* Update lib/ansible/plugins/lookup/password.py

Co-authored-by: Sandra McCann <samccann@redhat.com>

changelogs/fragments/passwd_lookup_hexdigits.yml

@@ -0,0 +1,2 @@
+minor_changes:
+  - Discourage the use of 'hexdigits' in password lookup, as it distorts expected entropy.

lib/ansible/plugins/lookup/password.py

@@ -40,6 +40,8 @@ DOCUMENTATION = """
           - 'By default generated passwords contain a random mix of upper and lowercase ASCII letters, the numbers 0-9 and punctuation (". , : - _").'
           - "They can be either parts of Python's string module attributes (ascii_letters,digits, etc) or are used literally ( :, -)."
           - "Other valid values include 'ascii_lowercase', 'ascii_uppercase', 'digits', 'hexdigits', 'octdigits', 'printable', 'punctuation' and 'whitespace'."
+          - Be aware that Python's 'hexdigits' includes lower and upper case version of a-f, so it is not a good choice as it doubles
+            the chances of those values for systems that won't distinguish case, distorting the expected entropy.
           - "To enter comma use two commas ',,' somewhere - preferably at the end. Quotes and double quotes are not supported."
         type: string
       length:
@@ -83,7 +85,7 @@ EXAMPLES = """
 - name: create a mysql user with a random password using many different char sets
   mysql_user:
     name: "{{ client }}"
-    password: "{{ lookup('password', '/tmp/passwordfile chars=ascii_letters,digits,hexdigits,punctuation') }}"
+    password: "{{ lookup('password', '/tmp/passwordfile chars=ascii_letters,digits,punctuation') }}"
     priv: "{{ client }}_{{ tier }}_{{ role }}.*:ALL"
 
 - name: create lowercase 8 character name for Kubernetes pod name