Problem/Motivation
Discovered in #3436164: Add validation constraints to user.settings.
@see https://git.drupalcode.org/project/drupal/-/merge_requests/7412#note_298722
The current password reset timeout minimum value is 1 second.
Using such a low value makes it basically impossible to use the password reset feature because the link expires instantly, so it could lock you out of your website.
Steps to reproduce
Proposed resolution
We could use 5 minutes as the minimum.