feat(crypto): support md5 plain for imported password hashes (#8189)

# Which Problems Are Solved

Allow verification of imported passwords hashed with plain md5, without
salt. These are password digests typically created by one of:

- `printf "password" | md5sum` on most Linux systems.
- PHP's `md5("password")`
- Python3's `hashlib.md5(b"password").hexdigest()`

# How the Problems Are Solved

- Upgrade passwap to
[v0.6.0](https://github.com/zitadel/passwap/releases/tag/v0.6.0)
- Add md5plain as a new verifier option in `defaults.yaml`

# Additional Changes

- Updated documentation to explain difference between `md5` (crypt) and
`md5plain` verifiers.

# Additional Context

- Requested by customer for import case
Tim Möhlmann
2024-06-25 11:10:49 +03:00
committed by GitHub
parent bb609b642c
commit dc170dc46e
5 changed files with 28 additions and 10 deletions


@@ -480,11 +480,12 @@ SystemDefaults:
#
# Supported verifiers: (uncomment to enable)
Verifiers: # ZITADEL_SYSTEMDEFAULTS_PASSWORDHASHER_VERIFIERS
# - "argon2" # verifier for both argon2i and argon2id.
# - "argon2" # verifier for both argon2i and argon2id.
# - "bcrypt"
# - "md5"
# - "md5" # md5Crypt with salt and password shuffling.
# - "md5plain" # md5 digest of a password without salt
# - "scrypt"
# - "pbkdf2" # verifier for all pbkdf2 hash modes.
# - "pbkdf2" # verifier for all pbkdf2 hash modes.
SecretHasher:
# Set hasher configuration for machine users, API and OIDC client secrets.
Hasher:
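Review bot: The new `md5plain` entry in the `Verifiers` list says what the format is but not when it is appropriate to enable it. Unsalted MD5 is fast to compute and produces the same digest for every user with the same password, so the comment should state that the verifier exists only to check imported hashes, for example `# - "md5plain" # md5 digest of a password without salt, for imported hashes only.` That comment also lacks the trailing period the neighbouring `md5` and `pbkdf2` comments have.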