Fix security vulnerabilities. Add logging

This commit is contained in:
Ettore
2026-05-09 17:52:59 +02:00
parent d803e2d7f6
commit 69e4f594de
14 changed files with 226 additions and 72 deletions


@@ -29,6 +29,8 @@ async def create_admin(
raise HTTPException(422, "Username cannot be empty")
if req.role not in ("admin", "manager"):
raise HTTPException(422, "role must be 'admin' or 'manager'")
if len(req.password) < 12:
raise HTTPException(422, "Password must be at least 12 characters")
if db.query(AdminUser).filter_by(username=username).first():
raise HTTPException(409, "Username already exists")
user = AdminUser(username=username, password_hash=hash_password(req.password), role=req.role)
@@ -64,6 +66,8 @@ async def change_password(
):
if not req.new_password:
raise HTTPException(422, "Password cannot be empty")
if len(req.new_password) < 12:
raise HTTPException(422, "Password must be at least 12 characters")
user: Optional[AdminUser] = db.query(AdminUser).filter_by(username=username).first()
if not user:
raise HTTPException(404, "Admin not found")
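Review bot: The new 12-character minimum and its 422 message are duplicated verbatim between create_admin (`if len(req.password) < 12:`) and change_password (`if len(req.new_password) < 12:`), so the two endpoints will drift the first time the policy changes in one place only. Hoist the policy into one module-level constant and reference it from both, e.g. `MIN_PASSWORD_LENGTH = 12` and `if len(req.password) < MIN_PASSWORD_LENGTH: raise HTTPException(422, f"Password must be at least {MIN_PASSWORD_LENGTH} characters")`, or wrap both into a shared `validate_password(pw)` helper that both handlers call. If hash_password is backed by a scheme with an input-length cap (bcrypt truncates at 72 bytes), the same helper is the place to reject over-long passwords as well, which the visible checks do not do; I cannot tell from the hunk which algorithm it uses. Both create_admin and change_password begin above their hunks, so any earlier empty-password guard in create_admin is not visible here.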