[Framework] Fix missing framework options not_compromised_password

Author: alamirault

reference/configuration/framework.rst

@@ -3825,6 +3825,29 @@ The :doc:`NotCompromisedPassword </reference/constraints/NotCompromisedPassword>
 constraint makes HTTP requests to a public API to check if the given password
 has been compromised in a data breach.
 
+.. _reference-validation-not-compromised-password-enabled:
+
+enabled
+"""""""
+
+**type**: ``boolean`` **default**: ``true``
+
+If you set this option to ``false``, no HTTP requests will be made and the given
+password will be considered valid. This is useful when you don't want or can't
+make HTTP requests, such as in ``dev`` and ``test`` environments or in
+continuous integration servers.
+
+endpoint
+""""""""
+
+**type**: ``string`` **default**: ``null``
+
+By default, the :doc:`NotCompromisedPassword </reference/constraints/NotCompromisedPassword>`
+constraint uses the public API provided by `haveibeenpwned.com`_. This option
+allows to define a different, but compatible, API endpoint to make the password
+checks. It's useful for example when the Symfony application is run in an
+intranet without public access to the internet.
+
 static_method
 .............