Update "empty" password handling in "no-hard-coded-passwords" to balk at an empty root password explicitly (CVE-2019-5021)#5880