Add ``argon2`` primitive (for password hashing and verification) (?)

[rdw-software]

There's FFI bindings for it here: https://github.com/thibaultCha/lua-argon2-ffi C source (reference code) here: https://github.com/P-H-C/phc-winner-argon2 RFC: https://www.rfc-editor.org/rfc/rfc9106.txt

I've built this before on Windows, so hopefully the results of that experiment will be useful. They're still somewhere in a private repo, and include a GitHub Actions workflow to build it.

Should probably be exposed in a crypto library later, but I don't dare venturing there just yet.

Other Considerations:

• The implementation needs to be fast; measurably as fast as any other available (LuaJIT can probably do it, but can Luvi? TBD)
• I'm pretty worried about messing up some security criteria, so it needs reviewing by several experts in the field (I have a few in mind, but they might not be specialized enough?)
• Port all the tests, from everywhere, license permitting of course. Can never have enough for crypto stuff
• No custom implementation of anything beyond the bindings/threading required, it's too risky. Hopefully the reference will be a good starting point and it won't be necessary to do much more

[rdw-software]

The license is Apache2, so that's not a problem. However, it looks like parallel computation is effectively required (else using it would be useless):

For efficient computation of Argon2, the ability to run concurrent code is necessary

That might turn out to be a bit more complex than I'd like, but we'll see.

[rdw-software]

Some other ideas:

• https://github.com/jedisct1/libsodium/blob/master/src/libsodium/crypto_pwhash/argon2/argon2.h
• https://libsodium.gitbook.io/doc/password_hashing/default_phf
• https://github.com/randombit/botan/blob/master/src/lib/pbkdf/argon2/argon2.cpp
• Port reference implementation to Lua (why? Seems pointless and needlessly risky, compared to simple ffi bindings and I doubt it's faster)
• The go implementation was written by a sufficiently experienced programmer, though I doubt it could be used somehow
• PHP7+ defaults to it also: https://www.php.net/manual/en/function.password-hash.php (also TYPO3, but weaker Argon2i variant?)
• Simply wait for OpenSSL to implement it (should use their version anyway, if/when it becomes available)
• Node has deferred implementation to OpenSSL also, which seems like the best approach so far
• It would be easier to just use another algorithm from OpenSSL directly, even if it may not be ideal
• According to the Wikipedia page, there's a possible attack that isn't yet addressed in the latest version?
• It's optimized for x86_64 so it may not be compatible or at least not perform the best on other architectures (ARM)?

Also TBD: Will LuaJIT optimize even ffi'ed code? If yes, would this introduce possible attack vectors, e.g. for side channel attacks?

There's probably no point in adding anything if OpenSSL should be used, except maybe some version of node's crypto library on top.

[rdw-software]

This has too many potential issues; needs more thought to figure out the details.