mesosphere / kudo-cassandra-operator

KUDO Cassandra Operator
https://kudo.dev
Apache License 2.0

Support password authentication #88

Closed. nfnt closed this 4 years ago

nfnt commented 4 years ago

Calls by the operator to nodetool are authenticated with credentials provided as a secret by the admin.

nfnt commented 4 years ago

Passwords in env variables are fine as long as they're not exported. But you raise a good point here, because passwords as part of a command line are not fine, because they can be extracted by a ps call. Just noticed that TLS_KEYSTORE_PASSWORD and TLS_TRUSTSTORE_PASSWORD are used like this, with cleartext passwords in parameters as well. I'll take a look at how to secure that. nodetool supports password files; let me see how this can be added.

nfnt commented 4 years ago

There's no good way to fully secure nodetool authentication in a cluster environment. Or at least in the way we use that tool 😄. Especially the kubectl exec -- nodetool of the repair job is problematic. We should think of a better way to provide this functionality; a sidecar with some API endpoints could improve the situation here.
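The password-file approach mentioned in the thread (nodetool's -u/-pwf flags), as an added shell example that is not the operator's own code: the password arrives in an environment variable (CASSANDRA_PASSWORD, a name assumed for this example) and is written to a 0600 file in the JMX password-file format nodetool reads, so it never appears in argv where ps could show it.

```shell
#!/bin/sh
# Added example, not code from kudo-cassandra-operator.
# Assumes: the JMX password is delivered via $CASSANDRA_PASSWORD (assumed
# name, e.g. from a Kubernetes secret), and nodetool's -u/--username and
# -pwf/--password-file flags. nodetool scans the password file for a line
# "<username> <password>" matching the given username.

# write_password_file USER DIR: write "USER $CASSANDRA_PASSWORD" into DIR
# with mode 0600 (umask 077 applies before the file is created) and print
# the path.
write_password_file() {
    user="$1"
    dir="$2"
    file="$dir/nodetool.pw"
    old_umask=$(umask)
    umask 077
    printf '%s %s\n' "$user" "$CASSANDRA_PASSWORD" > "$file"
    umask "$old_umask"
    printf '%s\n' "$file"
}

# nodetool_auth USER CMD...: run nodetool with credentials taken from a
# temporary password file. The argv only carries the username and the file
# path; the password itself is never on the command line. The file lives in
# a private mktemp directory and is removed afterwards, whatever the exit
# status. NODETOOL overrides the binary (e.g. a stub when testing).
nodetool_auth() {
    user="$1"; shift
    tmpdir=$(mktemp -d) || return 1
    pwfile=$(write_password_file "$user" "$tmpdir")
    "${NODETOOL:-nodetool}" -u "$user" -pwf "$pwfile" "$@"
    status=$?
    rm -rf "$tmpdir"
    return $status
}

# Usage (password taken from the environment, not from argv):
#   CASSANDRA_PASSWORD='...' nodetool_auth cassandra status
```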