Rob Winch (Migrated from SEC-2562) said:

Password storage has come a long way and is a very important aspect of security. We should modernize how passwords are stored and managed.

A special thanks to John Steven for providing guidance on these recommendations.

Subtasks

  • [x] #4666 - Add DelegatingPasswordEncoder
  • [x] #2775 - Make adaptive one-way functions the default scheme (BCrypt)
  • [x] #2158 - Provide a PBKDF2 PasswordEncoder implementation
  • [x] #2776 - Deprecate all salted digest password encoding
  • [x] #2777 - Incorporate Password Storage Scheme spec into stored format
  • [x] #2778 - Support password storage upgrades
  • [ ] #2779 - Formal audit of BCrypt implementation
  • [x] #2742 - Support PBKDF2 SHA256 for JDK8+
  • [ ] #9833 - Support PHC Password Storage
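As an added illustration of how the subtasks above fit together (this is example code, not code from the issue or from the Spring Security project), the following uses Spring Security's public DelegatingPasswordEncoder API to show the `{id}`-prefixed stored format, verification of a legacy PBKDF2 hash, and the upgrade check that drives a storage upgrade; the sample password and the map of encoders are constructed for the example.

```java
import java.util.HashMap;
import java.util.Map;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;

public class PasswordStorageUpgradeExample {

    // Delegating encoder: new hashes are written with BCrypt (the idForEncode),
    // while hashes carrying any other id in the map can still be verified.
    static DelegatingPasswordEncoder delegatingEncoder() {
        Map<String, PasswordEncoder> encoders = new HashMap<>();
        encoders.put("bcrypt", new BCryptPasswordEncoder());
        encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
        return new DelegatingPasswordEncoder("bcrypt", encoders);
    }

    public static void main(String[] args) {
        DelegatingPasswordEncoder encoder = delegatingEncoder();
        String rawPassword = "correct horse battery staple"; // constructed sample

        // Constructed legacy record: a PBKDF2 hash stored with its scheme id prefix,
        // i.e. the "{id}encodedPassword" format described in the subtasks.
        String legacyHash = "{pbkdf2}" + new Pbkdf2PasswordEncoder().encode(rawPassword);

        // matches() reads the {id} prefix and routes to the matching encoder,
        // so old hashes keep verifying after the default scheme changes.
        boolean verified = encoder.matches(rawPassword, legacyHash);

        // upgradeEncoding() is true when the stored hash uses a scheme other than
        // the current idForEncode (or the delegate itself reports it as weak).
        if (verified && encoder.upgradeEncoding(legacyHash)) {
            // Re-encode with the current default; result starts with "{bcrypt}".
            String upgradedHash = encoder.encode(rawPassword);
            System.out.println("store upgraded hash: " + upgradedHash);
            // In an application this is the point to persist upgradedHash in
            // place of legacyHash (e.g. through UserDetailsPasswordService).
        }

        // A stored value with no {id} prefix is rejected with an
        // IllegalArgumentException unless a fallback is configured via
        // encoder.setDefaultPasswordEncoderForMatches(...).
    }
}
```

The upgrade step only runs after a successful match, because the raw password is needed to produce the new hash and must never be re-derived from the stored value.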