Fix: get the current password from the request body instead of in querystrings

[scottinet]

:warning: depends on #70

Description

The requirePassword option forces users to pass their current password to be able to update or delete their user credentials. Problem: the plugin requires that current passwords are put in the querystring for HTTP requests. Querystrings can be intercepted, and they are also logged as-is by Kuzzle loggers (and proxies), leaking user passwords.

With this PR, the plugin asks for the current password to be put in a currentPassword body argument.

Preventing a breaking change

To prevent a breaking change, the old manner of providing the current password still works. But it has been tagged as @deprecated in the code, and its documentation has been removed. Our current clients using this way of providing the current password will be urged to migrate to the new API ASAP.

Once done... we may remove this deprecated code without further notice.

[scottinet]

@rolljee > it's from #70 so you should put it there :)

[Aschen]

@scottinet I put this PR in draft to prevent someone to merge it since #70 has to be merged first. Maybe you can change the target branch and merge it?

[scottinet]

I'll wait for #70 to be merged instead :-)