
Support HIBPv2 Dumps and API #666

Merged: 1 commit merged into gopasspw:master from feature/hibpv2 on Feb 23, 2018

Conversation

dominikschulz (Member) commented Feb 22, 2018

This commit implements support for the HIBPv2 Dumps and API.
See https://www.troyhunt.com/ive-just-launched-pwned-passwords-version-2/
Since the new dumps aren't sorted by SHA anymore, using them requires some expensive preprocessing. But since it's a very expensive operation anyway, only intended to be performed by very, very few users, this should be OK.

As a much easier approach this PR also includes a way to securely check the password hashes against the HIBPv2 API. To avoid leaking sensitive data (SHA1 hashes of secrets) the API supports sending only the first five chars of the hash and returns a list of possible matches which we then check on the client side. Of course this still leaks some entropy to the server, but I can't imagine any feasible attack using only the first five bytes of the hash.
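The client-side half of the range check described above, as an added Go example that is not gopass's own code: the endpoint URL, the function names and the sample response body (with made-up counts) are assumptions, and the live query is only wired up, not executed, so the program runs offline.

```go
package main
import (
	"bufio"
	"crypto/sha1"
	"encoding/hex"
	"fmt"
	"io"
	"net/http"
	"strconv"
	"strings"
)

// sampleBody is a constructed range response for prefix 5BAA6; the counts are made up.
const sampleBody = "0018A45C4D1DEF81644B54AB7F969B88D65:1\r\n" +
	"1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\r\n011053FD0102E94D6AE2F8B83D76FAF94F6:2\r\n"
// splitHash hashes locally; the 5-char prefix goes to the server, the 35-char suffix stays here.
func splitHash(secret string) (prefix, suffix string) {
	sum := sha1.Sum([]byte(secret))
	h := strings.ToUpper(hex.EncodeToString(sum[:]))
	return h[:5], h[5:]
}
// matchSuffix scans "SUFFIX:COUNT" lines for our suffix client-side; returns 0 when absent.
func matchSuffix(body io.Reader, suffix string) (int, error) {
	sc := bufio.NewScanner(body)
	for sc.Scan() {
		parts := strings.SplitN(strings.TrimSpace(sc.Text()), ":", 2)
		if len(parts) == 2 && strings.EqualFold(parts[0], suffix) {
			return strconv.Atoi(strings.TrimSpace(parts[1]))
		}
	}
	return 0, sc.Err()
}
// checkSecret runs the live range query (needs network; the endpoint URL is an assumption).
func checkSecret(client *http.Client, secret string) (int, error) {
	prefix, suffix := splitHash(secret)
	resp, err := client.Get("https://api.pwnedpasswords.com/range/" + prefix)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return 0, fmt.Errorf("hibp: unexpected status %s", resp.Status)
	}
	return matchSuffix(resp.Body, suffix)
}
func main() {
	_, suffix := splitHash("password") // offline demo against the constructed sample
	n, err := matchSuffix(strings.NewReader(sampleBody), suffix)
	fmt.Println(n, err)
}
```

Only the prefix ever appears in the request; the full hash is compared locally against every suffix the server returns.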

codecov bot commented Feb 23, 2018

Codecov Report

Merging #666 into master will increase coverage by 0.19%.
The diff coverage is 72.73%.


@@            Coverage Diff             @@
##           master     #666      +/-   ##
==========================================
+ Coverage   64.87%   65.07%   +0.19%     
==========================================
  Files         144      144              
  Lines        8102     8181      +79     
==========================================
+ Hits         5256     5323      +67     
- Misses       2205     2209       +4     
- Partials      641      649       +8
Impacted Files    Coverage Δ
commands.go       92.12% <ø> (ø) ⬆️
action/hibp.go    74.73% <72.73%> (+7.44%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@dominikschulz dominikschulz merged commit 59a0afc into gopasspw:master Feb 23, 2018
@dominikschulz dominikschulz deleted the feature/hibpv2 branch February 23, 2018 09:05
kpitt pushed a commit to kpitt/gopass that referenced this pull request Jul 21, 2022