meemo
Security issue with adding new users without LDAP
When using the admin CLI, one can only add a new user with a password given on the command line. This way the password is visible to all users in the process list (albeit only for a short moment) and in my Bash command history.
As a workaround, I created a 6-line Node.js program which itself calls bcrypt and outputs the password hash. Then I was able to add this to .users.json. Afterwards I had the idea to refer to an input file which would contain the password. I added an option for this, see attached diff: admin.diff.txt
This sounds like a great addition. Can you create a pull request and I will merge it?
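An added example, not the code from the attached diff or from meemo itself: one way to read a new user's password from a file so it never appears in the process list or shell history, as the first post proposes. The `--password-file` option and both function names are assumptions made for illustration; the returned string would then be passed to bcrypt as the post describes.

```javascript
'use strict';
const fs = require('node:fs');

// Hypothetical helper (not meemo's API): return the password stored in `file`.
function readPasswordFile(file) {
    // Open first, then fstat the descriptor, so the checks apply to the
    // exact file that is read (no swap between the check and the read).
    const fd = fs.openSync(file, 'r');
    try {
        const st = fs.fstatSync(fd);
        if (!st.isFile()) throw new Error(`${file} is not a regular file`);
        // Any group/other permission bit exposes the secret to other local
        // users, which is the problem the file option is meant to solve.
        if (process.platform !== 'win32' && (st.mode & 0o077) !== 0) {
            throw new Error(`${file} is accessible by group/others; chmod 600 it`);
        }
        // Editors and `echo` append a line ending; strip exactly one.
        const password = fs.readFileSync(fd, 'utf8').replace(/\r?\n$/, '');
        if (password.length === 0) throw new Error(`${file} is empty`);
        if (/[\r\n]/.test(password)) throw new Error(`${file} must hold a single line`);
        return password;
    } finally {
        fs.closeSync(fd);
    }
}

// Hypothetical option parsing: only the path travels on the command line.
function passwordFromArgs(argv) {
    const i = argv.indexOf('--password-file');
    if (i === -1 || i + 1 >= argv.length) {
        throw new Error('usage: --password-file <path>');
    }
    return readPasswordFile(argv[i + 1]);
}
```

The password file should be created with a restrictive umask and deleted once the user has been added.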