Add comment about min length 6 being enforced even with no policy

Author: ch5zzy

packages/auth/test/integration/flows/password_policy.test.ts

@@ -66,6 +66,7 @@ describe('Integration test: password validation', () => {
     });
 
     it('considers invalid passwords invalid against the policy configured for the project', async () => {
+      // Even if there is no policy configured for the project, a minimum length of 6 will always be enforced.
       expect((await validatePassword(auth, INVALID_PASSWORD)).isValid).to.be
         .false;
     });