LP#1468422 Real-time / per-user password migration

LP#1468422 Real-time / per-user password migration

Don't rely on mass password migration, since it would take a very long
time.  Instead, migrate users on demand.

Raise work factor (iteration count) from 10 to 14.

Current flow:

1. Application requests a salt to use as the CHAP-style seed
2. If new-style password exists, salt is returned.
3. Else, old password is migrated and the new salt is returned.
4. App finalizes login by checking verify_passwd.

Signed-off-by: Bill Erickson <berickxx@gmail.com>