fix: avoid excessive memory allocations

[harnash]

This PR changes internal storage for HIBP API call results to use ristretto cache instead of plain map to avoid excessive memory allocations when handling substantial load (each checked hash is stored indefinitely in memory).

Related issue(s)

• Substantial memory allocations in DefaultPasswordValidator (HIBP) #2354

Checklist

• I have read the contributing guidelines.
• I have referenced an issue containing the design document if my change
  introduces a new feature.
• I am following the
  contributing code guidelines.
• I have read the security policy.
• I confirm that this pull request does not address a security
  vulnerability. If this pull request addresses a security. vulnerability, I
  confirm that I got green light (please contact
  security@ory.sh) from the maintainers to push
  the changes.
• I have added tests that prove my fix is effective or that my feature
  works.
• I have added or changed the documentation.

Further Comments

This patch was running for a few days on our cluster and it looks like memory usage is not increasing and stabilised around 70MB which is great :-)

[aeneasr]

Awesome, thank you for your contribution! This looks pretty good and I have some ideas how to improve it further :)

[aeneasr]

The cost in ristretto is set is kinda weird. For example, it is probably required to ignore the internal cost and use a custom cost function:

https://github.com/dgraph-io/ristretto/blob/8e850b710d6df0383c375ec6a7beae4ce48fc8d5/cache.go#L137

[harnash]

Alright. I've added ignoreInternalCost=true but I'm not sure if custom cost function is needed at this point.

[codecov]

Codecov Report

Merging #2389 (1f2c9e1) into master (1fbabc2) will decrease coverage by 0.03%.
The diff coverage is 80.00%.

@@            Coverage Diff             @@
##           master    #2389      +/-   ##
==========================================
- Coverage   76.60%   76.56%   -0.04%     
==========================================
  Files         315      315              
  Lines       17328    17326       -2     
==========================================
- Hits        13274    13266       -8     
- Misses       3120     3124       +4     
- Partials      934      936       +2     

Impacted Files	Coverage Δ
driver/registry_default.go	86.33% <50.00%> (ø)
selfservice/strategy/password/validator.go	92.50% <87.50%> (-0.19%)	⬇️
persistence/sql/persister_courier.go	85.00% <0.00%> (-3.34%)	⬇️
session/test/persistence.go	98.61% <0.00%> (-1.39%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1fbabc2...1f2c9e1. Read the comment docs.