for the stored passwords of users for the realms that this applies
(native, reserved). Replaces predefined choice of bcrypt with
cost factor 10.

This also introduces PBKDF2 with configurable cost
(number of iterations) as an algorithm option for password hashing
both for storing passwords and for the user cache.

- Password hashes validation algorighm selection takes into
  consideration the stored hash prefix instead of the relevant
  x-pack security settting.
- Removes explicit cost factor setting
- Whitelists a number of algorithn+cost options for brypt and
  pbkdf2
- Removes HasherFactory in favor of an ENUM with singletons

Provide sane default while calling resolve() instead

- Remove SaltProvider and replace it with a private method using
  SecureRandom
- Refrain from creating String objects with the hash value during
  verification
- Add javadocs where appropriate
- Replace Setting constructor check with a bootstrap check for
  available and allowed password hashing algorithms

- Adds a check for the algorithm of the hash of incoming change
  password requests
- Move the check for the allowed hashing algorithms back to the
  setting validator