Replace the `cryptography` library with `pycryptodome` for password encryption.
The previous implementation used AES-GCM with a static key derived from a
hardcoded secret. This change introduces a more robust security model by:
- Using PBKDF2 to derive the encryption key from the secret.
- Adding a unique, randomly generated salt for each encrypted password.
This significantly enhances security by protecting against rainbow table
and pre-computation attacks.
BREAKING CHANGE: The password encryption format has changed. All previously
encrypted passwords stored in the database are now invalid and will need
to be reset.
Karl
aa1b9d7281