frappe.core.doctype.user.user.sign_up don’t have password argument. If you want to put up directly from the REST data, implement similar to this and pass the password to new_password.
I’m sure there’s a reason password is not accepted here. I would use frappe.core.doctype.user.user.sign_up with email and full name. Then your users will get an email where they find a link to set their password. In other cases you can use frappe.core.doctype.user.user.reset_password if the user needs to set a new password, same way, via email.
This way you never have to worry about passwords and how to handle them securely.