bluesky-social / indigo

Go source code for Bluesky's atproto services.
https://atproto.com
Apache License 2.0

pds: Passwords stored as raw text #59

Open heguro opened 1 year ago

heguro commented 1 year ago

By default, raw passwords are stored in data/laputa/pds.sqlite. I think we should use password-hashing or something.


bnewbold commented 1 year ago

Indeed! The "real" PDS instance in Typescript (at https://github.com/bluesky-social/atproto) uses scrypt for password hashing.

Right now the PDS implementation in golang ("laputa") is not useful for much beyond automated testing. In a testing context we want to be able to create and login many "fake" accounts quickly, so we probably wouldn't accept a patch to add proper password hashing unless there was an easy way to disable it.

This isn't a priority at the moment, but absolutely would be a blocking issue for this implementation to become a real self-hosting option.
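The two requirements in the comment above (salted, slow password hashing for real deployments; a cheap mode so tests can create and log in many accounts quickly) can be met with one hashing routine that takes its cost parameter from configuration. The program below is an added illustration written for this page; it is not code from indigo, from PR #109, or from the TypeScript PDS. It uses PBKDF2-HMAC-SHA256 built from the Go standard library as a stand-in for scrypt, because scrypt itself lives in golang.org/x/crypto rather than the standard library; the stored-string format, the `ProductionIterations`/`TestIterations` values and every function name are assumptions made for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Cost settings (illustrative assumptions, not indigo's values).
// ProductionIterations is the work factor a real deployment would run with;
// TestIterations is deliberately minimal so an automated test suite that
// creates and logs in hundreds of fake accounts is not slowed down.
const (
	ProductionIterations = 600_000
	TestIterations       = 1
	saltLen              = 16 // bytes of random salt per password
	keyLen               = 32 // bytes of derived key stored per password
)

// pbkdf2SHA256 implements RFC 8018 PBKDF2 with HMAC-SHA256 as the PRF.
func pbkdf2SHA256(password, salt []byte, iterations, dkLen int) []byte {
	prf := hmac.New(sha256.New, password)
	hashLen := prf.Size()
	numBlocks := (dkLen + hashLen - 1) / hashLen
	var out []byte
	for block := 1; block <= numBlocks; block++ {
		// U1 = PRF(password, salt || INT_32_BE(block))
		prf.Reset()
		prf.Write(salt)
		prf.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		u := prf.Sum(nil)
		t := make([]byte, hashLen)
		copy(t, u)
		// U_i = PRF(password, U_{i-1}); T = U1 xor U2 xor ... xor U_c
		for i := 1; i < iterations; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:dkLen]
}

// hashPassword returns a self-describing string of the form
// "$pbkdf2-sha256$<iterations>$<base64 salt>$<base64 key>", so the cost
// used at hash time travels with the record and can be raised later.
func hashPassword(password string, iterations int) (string, error) {
	if iterations < 1 {
		return "", errors.New("iterations must be at least 1")
	}
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return "", err
	}
	key := pbkdf2SHA256([]byte(password), salt, iterations, keyLen)
	enc := base64.RawStdEncoding
	return fmt.Sprintf("$pbkdf2-sha256$%d$%s$%s",
		iterations, enc.EncodeToString(salt), enc.EncodeToString(key)), nil
}

// verifyPassword checks a candidate password against a stored hash string.
// Any malformed record (including a legacy plaintext row) is rejected.
func verifyPassword(password, stored string) bool {
	parts := strings.Split(stored, "$")
	if len(parts) != 5 || parts[0] != "" || parts[1] != "pbkdf2-sha256" {
		return false
	}
	iterations, err := strconv.Atoi(parts[2])
	if err != nil || iterations < 1 {
		return false
	}
	salt, err := base64.RawStdEncoding.DecodeString(parts[3])
	if err != nil || len(salt) == 0 {
		return false
	}
	want, err := base64.RawStdEncoding.DecodeString(parts[4])
	// Insist on a full-length digest: an empty digest would otherwise
	// compare equal to an empty derived key and accept every password.
	if err != nil || len(want) != keyLen {
		return false
	}
	got := pbkdf2SHA256([]byte(password), salt, iterations, keyLen)
	return subtle.ConstantTimeCompare(got, want) == 1
}

// looksHashed lets an audit or migration tell hashed rows from raw ones.
func looksHashed(stored string) bool {
	return strings.HasPrefix(stored, "$pbkdf2-sha256$")
}

func main() {
	// Constructed sample passwords for demonstration only.
	fast, _ := hashPassword("test-account-pw", TestIterations)
	slow, _ := hashPassword("real-account-pw", ProductionIterations)
	fmt.Println("test mode:", fast)
	fmt.Println("production:", slow)
	fmt.Println("verify ok:", verifyPassword("real-account-pw", slow))
	fmt.Println("raw row flagged:", !looksHashed("hunter2"))
}
```

The cost parameter is the only thing that differs between the test and production paths, so a test harness gets fast account creation without a code path that skips hashing entirely, and `looksHashed` gives an operator a way to find rows that still hold raw passwords when migrating an existing `pds.sqlite`.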

bnewbold commented 1 year ago

Just to ensure there isn't duplicate work on this, @erka has a nice PR to add hashing (https://github.com/bluesky-social/indigo/pull/109). We are not likely to review and merge that for a couple weeks, but it looks like it will resolve this issue.