lockdown passwordStretching parameters

[dannycoates]

Strictly validates the passwordStretching parameters to only allow:

{
  type: 'PBKDF2/scrypt/PBKDF2/v1',
  PBKDF2_rounds_1: 20000,
  scrypt_N: 65536,
  scrypt_r: 8,
  scrypt_p: 1,
  PBKDF2_rounds_2: 20000
}

This should address the immediate concerns of #400 and #401 but the flexibility of these values remains to be defined.

@rfk @warner r?

[rfk]

r+, pending comment from @warner

[rfk]

explicitly assigning to @warner for a sanity-check before this gets merged

[warner]

r+, as long as this is something we can switch out quickly in the future. I expect we'll change the defaults more than once in the coming months, and I wouldn't want to be limited in our choices by a long update cycle on these checks. We might want to remove this server-side restriction altogether by the time we're done.

[dannycoates]

We can put these values in config so changes won't involve a code deploy. Merging now, config change in #414