jonathaneeckhout/jdungeon

Dev Task: Password hashing


Kinda unsafe to store passwords as is.
Godot has a String.hash() function for this purpose.

There's also the HashingContext class but no idea if it applies to this.

The Crypto class can be used for encryption as well.

Hashing merely turns an object, in this case a String, into an int.
Hashing a String will always return the same result every time, but there is no way to "un-hash" the numbers to get the original String. This allows the user to use a String as usual, but the server only ever receives a hash of the password to store and compare.

Currently the password is not hashed for the JSON backend, but it is for the SQL backend.

This is done for debugging reasons, which is the only thing the JSON backend should be used for.

On the deployed server the password is stored using BCrypt, which is widely used to safely store passwords in databases.

(Closing this ticket, feel free to reopen it if you disagree)