feat(crypto): use passwap for machine and app secrets (#7657)

* feat(crypto): use passwap for machine and app secrets

* fix command package tests

* add hash generator command test

* naming convention, fix query tests

* rename PasswordHasher and cleanup start commands

* add reducer tests

* fix intergration tests, cleanup old config

* add app secret unit tests

* solve setup panics

* fix push of updated events

* add missing event translations

* update documentation

* solve linter errors

* remove nolint:SA1019 as it doesn't seem to help anyway

* add nolint to deprecated filter usage

* update users migration version

* remove unused ClientSecret from APIConfigChangedEvent

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>

internal/domain/application_api.go

@@ -11,7 +11,7 @@ type APIApp struct {
 	AppID              string
 	AppName            string
 	ClientID           string
-	ClientSecret       *crypto.CryptoValue
+	EncodedHash        string
 	ClientSecretString string
 	AuthMethodType     APIAuthMethodType
 
@@ -41,21 +41,21 @@ func (a *APIApp) setClientID(clientID string) {
 	a.ClientID = clientID
 }
 
-func (a *APIApp) setClientSecret(clientSecret *crypto.CryptoValue) {
-	a.ClientSecret = clientSecret
+func (a *APIApp) setClientSecret(encodedHash string) {
+	a.EncodedHash = encodedHash
 }
 
 func (a *APIApp) requiresClientSecret() bool {
 	return a.AuthMethodType == APIAuthMethodTypeBasic
 }
 
-func (a *APIApp) GenerateClientSecretIfNeeded(generator crypto.Generator) (secret string, err error) {
+func (a *APIApp) GenerateClientSecretIfNeeded(generator *crypto.HashGenerator) (plain string, err error) {
 	if a.AuthMethodType == APIAuthMethodTypePrivateKeyJWT {
 		return "", nil
 	}
-	a.ClientSecret, secret, err = NewClientSecret(generator)
+	a.EncodedHash, plain, err = generator.NewCode()
 	if err != nil {
 		return "", err
 	}
-	return secret, nil
+	return plain, nil
 }