Passwords must not be handled as strings
In the current codebase, passwords are handled as UTF-8 strings (`String` or `&str`).
This is incorrect. A password is not a UTF-8 string. It is a specific sequence of bytes, and any kind of password hashing and validation must happen at the level of byte strings. UTF-8 strings do not correspond uniquely to printed text, because of Unicode normalization and combining characters. This means that a password which is visually the same from the user's perspective may correspond to different bytes when entered via different systems (different OS, keyboard, input method, etc.), thus failing validation.
A second issue is that passwords are sensitive data, which must not be passed around in memory willy-nilly. Proper standards for handling of sensitive data require that the password must not be moved in memory without a good reason, and all places which contained secrets must be securely zeroed once their contents are no longer used (note: simply setting memory to 0 with an ordinary assignment does not work; since the buffer is never read again, the compiler is free to drop the store as dead code, so the write must be volatile or otherwise non-elidable).
- Short-term: change all password types to byte strings (`&[u8]` / `Vec<u8>`). Ensure syntactic validation and/or Unicode normalization of passwords on the system boundary.
- Long-term: use a proper `Password` type, with secure handling of underlying buffers.
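The following is an added sketch of such a `Password` type, not code from this codebase: bytes rather than `str`, syntactic validation at the boundary, constant-time comparison, and volatile zeroing on drop. It assumes that Unicode normalization (e.g. NFC) is applied by the caller before `from_input`, since the standard library provides none; the constructed test inputs show why that step matters.

```rust
use std::fmt;
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Overwrite a buffer with zeros using volatile stores, so the compiler
/// cannot treat the writes as dead and remove them.
pub fn zeroize(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        unsafe { ptr::write_volatile(b, 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

/// A password held as raw bytes. The buffer is zeroed when dropped and
/// never shown by `Debug`.
pub struct Password {
    bytes: Vec<u8>,
}

impl Password {
    /// Boundary constructor: reject empty input and control characters.
    /// Normalization is assumed to have happened before this call.
    pub fn from_input(input: &str) -> Result<Self, &'static str> {
        if input.is_empty() {
            return Err("empty password");
        }
        if input.chars().any(|c| c.is_control()) {
            return Err("control characters not allowed");
        }
        Ok(Password { bytes: input.as_bytes().to_vec() })
    }

    pub fn as_bytes(&self) -> &[u8] {
        &self.bytes
    }

    /// Equality whose running time does not depend on where the first
    /// differing byte is (only on the length, which is not secret here).
    pub fn ct_eq(&self, other: &[u8]) -> bool {
        if self.bytes.len() != other.len() {
            return false;
        }
        let diff = self.bytes.iter().zip(other).fold(0u8, |acc, (a, b)| acc | (a ^ b));
        diff == 0
    }
}

impl Drop for Password {
    fn drop(&mut self) {
        zeroize(&mut self.bytes);
    }
}

impl fmt::Debug for Password {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("Password([REDACTED])")
    }
}
```

Note that `from_input` still copies out of the caller's `&str`, which the caller must zero itself; a full solution reads input directly into the owned buffer.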