feat: integrate passwap for human user password hashing (#6196)

* feat: use passwap for human user passwords

* fix tests

* passwap config

* add the event mapper

* cleanup query side and api

* solve linting errors

* regression test

* try to fix linter errors again

* pass systemdefaults into externalConfigChange migration

* fix: user password set in auth view

* pin passwap v0.2.0

* v2: validate hashed password hash based on prefix

* resolve remaining comments

* add error tag and translation for unsupported hash encoding

* fix unit test

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>

proto/zitadel/management.proto

@@ -7406,8 +7406,14 @@ message ImportHumanUserRequest {
                 description: "Use this to import hashed passwords from another system."
             }
         };
-        string value = 1;
-        string algorithm = 2;
+        string value = 1 [
+            (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+                example: "\"$2y$12$hXUrnqdq1RIIYZ2HPytIIe5lXdIvbhqrTvdPsSF7o.jFh817Z6lwm\"";
+                description: "Encoded hash of a password in Modular Crypt Format: https://passlib.readthedocs.io/en/stable/modular_crypt_format.html"
+            }
+        ];
+        reserved 2; // was algortithm, which is actually obtained from the encoded hash
+        reserved "algortithm";
     }
     message IDP {
         string config_id = 1 [

proto/zitadel/user/v2alpha/password.proto

@@ -32,17 +32,7 @@ message HashedPassword {
       max_length: 200;
     }
   ];
-  string algorithm = 2 [
-    (validate.rules).string = {min_len: 1, max_len: 200, const: "bcrypt"},
-    (google.api.field_behavior) = REQUIRED,
-    (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-      example: "\"bcrypt\"";
-      description: "\"algorithm used for the hash. currently only bcrypt is supported\"";
-      min_length: 1,
-      max_length: 200;
-    }
-  ];
-  bool change_required = 3;
+  bool change_required = 2;
 }
 
 message SendPasswordResetLink {