Use a safe implementation of SCRAM.

[mberhault]

The scram implementation has no unittests and ignores parts of the RFC (eg: the m field is supposed to trigger an authentication failure). This should be replaced with a fuller (and better tested) implementation. https://github.com/xdg-go/scram might be a candidate.

[Neustradamus]

Note that SCRAM-SHA-256 has been added in:

• Add SCRAM-SHA-256 authentication to this library #833

Linked to:

• Feature request: Add support for SCRAM-SHA-256 password authentication #817
• Use a safe implementation of SCRAM. #914
• Support scram password generation #941
• Add support for SCRAM-SHA-256 authentication. #608
• Inform user of unsupported scram auth method #621
• Support for SCRAM-SHA-256 authentication #788
• State of Play scram-sasl/info#1