Allow setting password for SMTP authentication (now any password is accepted)

[dlazesz]

In cases where the server not listens on localhost (#96 and #103) it would add an additional (thin) layer of security to be able to set an "app password" instead of accepting any password. Else the server is practically an open relay, which is probably unwanted.

[simonrob]

This is not the case - only on the first login is any password accepted; subsequently you must use the same password.

This is an acceptable trade-off because at that first attempt you must also authorise interactively and actually log in to the account.

[dlazesz]

on the first login is any password accepted; subsequently you must use the same password.

Sorry, this behaviour is not explicitly stated in the documentation:

Once the proxy is correctly configured, after the first successful use of an account its access token details will
be cached in this configuration file, encrypted with the password you use in your email client. The password set in
your email client is not used for authentication (which is done separately via a web browser), so it can be
different to your real account password, which is helpful for debugging. Please note, though, that all clients that
use a particular account via the proxy should use the same password to avoid repeated re-authentication requests.
See the proxy's README.md file for more information and further configuration options.

And README.md (in the Troubleshooting section) says:

However, it is worth pointing out that because account authorisation is handled entirely through OAuth 2.0 in a web browser, while the username you set in your email client must be correct, the password used for the IMAP/POP/SMTP connection can be anything you like, and does not need to be the one you actually use to log in to your account. The password you provide via your email client is used only to encrypt and decrypt the authentication token that the proxy transparently sends to the server on your behalf. Because of this, if you are concerned about debug mode and security you can use a test password for debugging and then replace it with a secure password (and authenticate again) once set up.

Could you clarify this?

Otherwise, I accept this. Thank you!

[simonrob]

The password can indeed be any value, but that password is used to encrypt the OAuth 2.0 tokens that are obtained, so after the first time you must use the same password to allow them to be decrypted and used.

I'll think about how to clarify the wording here.