prevent unicode-confusion in password by applying PRECIS, and username/email address by applying unicode NFC normalization

an é (e with accent) can also be written as e+\u0301. the first form is NFC,
the second NFD. when logging in, we transform usernames (email addresses) to
NFC. so both forms will be accepted. if a client is using NFD, they can log
in too.

for passwords, we apply the PRECIS "opaquestring", which (despite the name)
transforms the value too: unicode spaces are replaced with ascii spaces. the
string is also normalized to NFC. PRECIS may reject confusing passwords when
you set a password.

vendor/golang.org/x/text/secure/precis/class.go

@@ -0,0 +1,36 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package precis
+
+import (
+	"unicode/utf8"
+)
+
+// TODO: Add contextual character rules from Appendix A of RFC5892.
+
+// A class is a set of characters that match certain derived properties. The
+// PRECIS framework defines two classes: The Freeform class and the Identifier
+// class. The freeform class should be used for profiles where expressiveness is
+// prioritized over safety such as nicknames or passwords. The identifier class
+// should be used for profiles where safety is the first priority such as
+// addressable network labels and usernames.
+type class struct {
+	validFrom property
+}
+
+// Contains satisfies the runes.Set interface and returns whether the given rune
+// is a member of the class.
+func (c class) Contains(r rune) bool {
+	b := make([]byte, 4)
+	n := utf8.EncodeRune(b, r)
+
+	trieval, _ := dpTrie.lookup(b[:n])
+	return c.validFrom <= property(trieval)
+}
+
+var (
+	identifier = &class{validFrom: pValid}
+	freeform   = &class{validFrom: idDisOrFreePVal}
+)