Add `:password-eval` auth mechanism.

[ieure]

The existing :password mechanism isn’t well-suited to fetching a password from an external store.

• It fetches once, when elfeed-feeds is evaluated, which is likely at Emacs startup. Blocking startup to unlock a password store isn’t a good experience.
• The password is stored in cleartext in the value of the variable.
• Changing the password in the underlying store requires re-evaluating the form which set elfeed-feeds. Many users will opt to restart their Emacs session to accomplish this, which is needlessly disruptive.

The :password-eval mechanism addresses these issues. Evaluation of the form given to :password-eval is deferred until it’s required, and the cleartext value is not persisted. It works equally well for shell-command-to-string invocations, secrets-get-secret, password-store-get, etc.

I also though about changing the existing :password to notice if the value was evalable (ex. (or (functionp f) (and (listp f) (functionp (car f))))), but settled on having an explicit key to get the behavior. I could go that direction if you feel strongly that it’s better than :password-eval.

[fasheng]

Thanks for the advice and high quality PR.

I agree with your second choice, please append one more commit to merge :password-eval to :password and add descriptions to show the feature, so we could hide the details and provide less choice for users. After all, this is not commonly used.

Thanks~

[ieure]

You got it.

[fasheng]

Great, merged and thanks~

[ieure]

You're very welcome. Thank for making this in the first place, it was a big missing piece in my RSS setup.