shared/{user,group}-record-nss: adjust filtering of "valid" passwords

We would reject various passwords that glibc accepts, for example ""
or any descrypted password. Accounts with empty password are definitely
useful, for example for testing or in scenarios where a password is not
needed. Also, using weak encryption methods is probably not a good idea,
it's not the job of our nss helpers to decide that: they should just
faithfully forward whatever data is there.

Also rename the function to make it more obvious that the returned answer
is not in any way certain.

(cherry picked from commit 8f796e40)
(cherry picked from commit aee20dfb)