authentication_policy: fix credential recovery on password expiration
Credential Recovery are supposed to be related to persons, not logins. Extend the tests to make sure that after the credential recovery is accepted a reset password email is sent and fix authentication_policy scripts to create a Credential Recovery related to the person.