security: support for setting passwords securely in the sql client

[aaron-crl]

We should provide the ability to streamline the assignment of secure passwords with client-side hashing in the sql client.

As it stands today, CREATE USER 'foo' WITH PASSWORD 'bar'; and similar commands may result in logging of security primitives which may be surprising and also undesirable.

psql does this through the client-side \password command referenced here: https://www.postgresql.org/docs/12/auth-password.html

Additional conversations and workaround for psql for context

• psql-admin mailing list discussion about logging passwords: https://www.postgresql.org/message-id/CAHJZqBDe1-oiYtdh5pcWLAhr3jsDMFQg4miv3PYADH3YWKqZ2w%40mail.gmail.com
• psql with md5 auth: https://community.pivotal.io/s/article/How-to-Create-a-User-with-an-Encrypted-Password?language=en_US

Jira issue: CRDB-6322

[blathers-crl]

Hi @aaron-crl, please add a C-ategory label to your issue. Check out the label system docs.

While you're here, please consider adding an A- label to help keep our repository tidy.

_{🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is otan.}