crypt(3) style password support for lua-loader

From: David E. Cross <david_at_crossfamilyweb.com>
Date: Sat, 19 Aug 2023 22:03:38 UTC
I sent this earlier from the wrong account and either -hackers bounced 
it, or -hackers is down, apologies if you get a dupe on this, but I also 
included a reviews.freebsd.org link this time)


Something that has always bothered me is the if you enable boot 
passwords with loader(8) they are stored *plaintext* in the loader.conf, 
so you need to make sure that file is root-only access and is just poor 
security in general.

Well, I decided to fix that.  See attached, also at:

https://reviews.freebsd.org/D41509


It is lua only, I evaluated doing a forth version to maintain parity 
with forth-loader, but that exceeds my available time at this point and 
I'd rather get this out there.

Includes loader.conf.5 documentation update.  This is tested and working 
in boot environment.  (... why doesn't lua-loader have math.*?);

additionally crypt.lua has commented-out test suite and validates 
against all crypt-sha256.c and crypt-sha512.c test vectors.


The only real gotcha with this is that crypt(3) style passwords use '$' 
in them and that must be escaped in loader.conf(5).  I debated switching 
this to ! or another character but decided to stick with $ as no matter 
what you will need to edit between strict crypt(3) format and what is 
placed in the config file, and this makes testing easier if the formats 
are the strictly identical.  That is even if I changed it to not need 
escaping, you'd still need to edit it anyway, so if you still have to 
edit, might as well keep the underlying format the same.


This gotcha is documented in the updated loader.conf(5)


Thanks.