Switch password hashing from DES crypt to SHA-256

Switch password hashing from DES crypt to SHA-256

DES crypt is trivially crackable. Passwords starting with $ are now
auto-detected as crypt hashes (supports $5$ SHA-256, $6$ SHA-512, etc).
Plaintext passwords still work for backwards compatibility.

Remove crypt_oper_password and crypt_iline_password config options —
detection is now automatic based on the $ prefix in stored passwords.

Update mkpasswd to generate SHA-256 ($5$) hashes with random salts.
Stop logging passwords (plaintext or hashed) in oper logs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>