support cram-md5 authentication for imap and smtp

and change thunderbird autoconfiguration to use it.

unfortunately, for microsoft autodiscover, there appears to be no way to
request secure password negotiation. so it will default to plain text auth.

cram-md5 is less secure than scram-sha-*, but thunderbird does not yet support
scram auth. it currently chooses "plain", sending the literal password over the
connection (which is TLS-protected, but we don't want to receive clear text
passwords). in short, cram-md5 is better than nothing...

for cram-md5 to work, a new set of derived credentials need to be stored in the
database. so you need to save your password again to make it work. this was
also the case with the scram-sha-1 addition, but i forgot to mention it then.

main.go

@@ -876,8 +876,10 @@ func cmdSetaccountpassword(c *cmd) {
 	c.params = "address"
 	c.help = `Set new password an account.
 
-The password is read from stdin. Its bcrypt hash and SCRAM-SHA-256 derivations
-are stored in the accounts database.
+The password is read from stdin. Secrets derived from the password, but not the
+password itself, are stored in the account database. The stored secrets are for
+authentication with: scram-sha-256, scram-sha-1, cram-md5, plain text (bcrypt
+hash).
 
 Any email address configured for the account can be used.
 `
@@ -1958,7 +1960,7 @@ binary should be setgid that group:
 	if !submitconf.STARTTLS {
 		tlsMode = smtpclient.TLSSkip
 	}
-	// todo: should have more auth options, scram-sha-256 at least.
+	// todo: should have more auth options, scram-sha-256 at least, perhaps cram-md5 for compatibility as well.
 	authLine := fmt.Sprintf("AUTH PLAIN %s", base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("\u0000%s\u0000%s", submitconf.Username, submitconf.Password))))
 	mox.Conf.Static.HostnameDomain.ASCII = submitconf.LocalHostname
 	client, err := smtpclient.New(ctx, mlog.New("sendmail"), conn, tlsMode, submitconf.Host, authLine)