ReturnTypeExtension for wp_hash_password()

[IanDelMar]

The return value of wp_hash_password() is determined by one of the following:

• \PasswordHash::HashPassword() – always returns a non-falsy-string.
• password_hash() – returns a non-falsy-string for valid algorithms. For invalid algorithms, it gives a warning and returns null on PHP 7 and throws a ValueError on PHP 8.
• base64_encode(hash_hmac()) – returns a non-falsy-string for valid algorithms. For invalid algorithms, it gives a warning and returns an empty string ('') on PHP 7 and throws a ValueError on PHP 8.
• '*'.

The applied algorithm is filterable and not validated. Consequently, the overall return type is string|null on PHP 7 and non-falsy-string on PHP 8.

Leaving this here for future reference, or in case somebody wishes to take it up.