Correctly handle unicode for Python 3. This may also be needed if you want to use non-ascii characters in passwords with Python 2.
I considered pushing this straight to master, but I wanted to remind people how we're handling Python 3 compatibility. I've used cast_bytes on password, so it can be passed in either as bytes or unicode. The salt is generated in the native str type for each platform, so it goes through str_to_bytes, which is a no-op on Python 2.
I'll merge this tomorrow, unless anyone objects.
Fix password hashing for Python 3
Rebased to avoid recursive merge; closes #1016.