Example: Usernames and Passwords
We sometimes talk about how "you don't need usernames and passwords" for the Internet Computer, but that doesn't mean you can't use them... and in some ways they make it easier to juggle multiple devices.
@gobengo Thanks for the thorough review:
For the requested changes...
- Fixed! Good suggestion, I totally overlooked that case.
- I added a warning about sending passwords in the clear, despite being over HTTPS.
For the other comments...
- HashMaps or even just Maps would definitely be better for Sessions, which we only ever look up by caller, but we look up Accounts by both `username` and `account_id`, so I don't think we'd gain much from a HashMap there.
- Let me think a little more about client-side hashing. I think the example gets my points across for now.
- Oh, 0.6.24 was the latest on my machine. I can probably bump it. I'll check.
- I swapped in `bcrypt`. I was only using `sha256` because I was hoping to use the existing Motoko library for it.
- I made an attempt to actually generate a random salt. It was unfortunately a rather complex affair. You have to grab randomness from the management canister 32 bytes at a time, which is asynchronous. I think a better solution would be to use the randomness to seed a local pseudo-random generator that would be available synchronously, but that started to inflate the example too much.
Bumped dfx to 0.6.25. Smooth sailing.
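
The salt handling discussed in the reply above (management-canister randomness arrives 32 bytes per asynchronous call) can be written as a small entropy pool. This is an added example, not code from this pull request, and it buffers raw bytes rather than seeding a pseudo-random generator. It assumes a Motoko base library that provides `Random.blob`; the actor name `SaltPool`, the 16-byte `SALT_LEN` and the function names are hypothetical.

```motoko
import Array "mo:base/Array";
import Blob "mo:base/Blob";
import Random "mo:base/Random";

actor SaltPool {
  // Assumption: 16-byte salts (the size bcrypt uses). One Random.blob()
  // call yields 32 bytes, so each refill covers two salts.
  let SALT_LEN : Nat = 16;

  // Entropy fetched but not yet handed out. Deliberately not `stable`:
  // leftover bytes are dropped on upgrade instead of being persisted.
  var pool : [Nat8] = [];

  // Asynchronous step: one call to the management canister per 32 bytes.
  func refill() : async () {
    let fresh = Blob.toArray(await Random.blob());
    // Read `pool` only after the await; other messages may have run meanwhile.
    let old = pool;
    pool := Array.tabulate<Nat8>(old.size() + fresh.size(), func (i : Nat) : Nat8 {
      if (i < old.size()) old[i] else fresh[i - old.size()]
    });
  };

  // Synchronous step: contains no await, so it runs atomically and two
  // callers can never receive the same bytes. Returns null if the pool is short.
  func takeSalt() : ?[Nat8] {
    if (pool.size() < SALT_LEN) return null;
    let current = pool;
    let salt = Array.tabulate<Nat8>(SALT_LEN, func (i : Nat) : Nat8 { current[i] });
    pool := Array.tabulate<Nat8>(current.size() - SALT_LEN, func (i : Nat) : Nat8 {
      current[i + SALT_LEN]
    });
    ?salt
  };

  // Public only so the example can be called; a real canister would use the
  // salt internally when creating an account and never return it on its own.
  public func newSalt() : async [Nat8] {
    loop {
      switch (takeSalt()) {
        case (?salt) { return salt };
        case null { await refill() };
      };
    };
  };
}
```

Every salt byte here comes directly from the management canister and is consumed exactly once; only every second call to `newSalt` has to wait on the asynchronous refill.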