ansible-collection-hardening

improve deletion of unsecured MySQL users to include the new auth mechanisms

Open schurzi opened this issue 1 year ago • 0 comments

Description

Currently we use a simple set of criteria to remove unsecured users. This set excludes some of the useful new features of newer MySQL versions. Also, the current logic needs a bit more documentation to be easier to understand.

Solution

We should define which features of MySQL we want to advise using by making our queries for deleting unsecured users more explicit and more granular. Currently I would consider several types of authentication secure:

  • auth with password
  • auth with certificates
  • auth with unix pipe
  • auth with PAM

The current logic for queries should also be improved, maybe in the same way we use to set all the SSH parameters for mac/key/ciphers.

Alternatives

Leave as is; our current implementation is arguably secure but excludes some equally secure setups.

Additional information

For more information, also consider #641 and related discussion (linked tickets).

All changes must also be reflected in our mysql-baseline.

schurzi, Mar 01 '23 13:03
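
An added example, not part of the issue and not code from ansible-collection-hardening: one way to make the "which accounts count as secured" decision explicit per mechanism, using the four authentication types listed in the issue. The plugin names are the stock MySQL/MariaDB ones; the choice of which to accept, the function names and the sample rows are assumptions constructed for illustration.

```python
# Added illustration, not project code. Which plugins the project would
# accept is an assumption; rows mimic columns of the mysql.user table.
PASSWORD_PLUGINS = {"mysql_native_password", "sha256_password",
                    "caching_sha2_password"}
SOCKET_PLUGINS = {"auth_socket", "unix_socket"}   # MySQL / MariaDB
PAM_PLUGINS = {"authentication_pam", "pam"}       # MySQL Enterprise / MariaDB
# ssl_type 'ANY' only requires TLS, not a client certificate, so it is
# deliberately not treated as certificate authentication here.
CERT_SSL_TYPES = {"X509", "SPECIFIED"}


def classify(row):
    """Return the accepted mechanism for a row, or None if unsecured."""
    plugin = (row.get("plugin") or "").lower()
    if plugin in SOCKET_PLUGINS:
        return "unix socket"
    if plugin in PAM_PLUGINS:
        return "pam"
    if (row.get("ssl_type") or "").upper() in CERT_SSL_TYPES:
        return "certificate"
    # A password plugin only counts when a credential is actually stored.
    if plugin in PASSWORD_PLUGINS and row.get("authentication_string"):
        return "password"
    return None


def unsecured_accounts(rows):
    """List (user, host) pairs that match none of the accepted mechanisms."""
    return [(r["user"], r["host"]) for r in rows if classify(r) is None]


# Constructed sample rows (no real accounts or hashes).
SAMPLE_ROWS = [
    {"user": "root", "host": "localhost", "plugin": "auth_socket",
     "authentication_string": "", "ssl_type": ""},
    {"user": "app", "host": "%", "plugin": "caching_sha2_password",
     "authentication_string": "<constructed-hash>", "ssl_type": ""},
    {"user": "", "host": "localhost", "plugin": "mysql_native_password",
     "authentication_string": "", "ssl_type": ""},
    {"user": "svc", "host": "10.0.0.5", "plugin": "mysql_native_password",
     "authentication_string": "", "ssl_type": "X509"},
    {"user": "ops", "host": "localhost", "plugin": "authentication_pam",
     "authentication_string": "", "ssl_type": ""},
    {"user": "legacy", "host": "%", "plugin": "caching_sha2_password",
     "authentication_string": "", "ssl_type": "ANY"},
]

if __name__ == "__main__":
    for user, host in unsecured_accounts(SAMPLE_ROWS):
        print(f"unsecured: '{user}'@'{host}'")
```

In the sample data the socket and PAM accounts have an empty `authentication_string` yet are classified as secured, while the anonymous account and the TLS-only account with no password are reported.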