[v4][Feature] Save Encrypted Credentials

[philosowaffle]

As a user I would like to save my credentials in an encrypted format so that they are not available in plain text.

Tech Limitations:

1. Normal password management would mean only saving a salted hash of the credentials and/or having dedicated and revokable API keys for interacting with 3rd party services. However, since neither Garmin nor Peloton provide an official api, we must store the users original credentials long term.

Options:

1. One time setup - User provides credentials
   1. Any time P2G is started and detects that no credentials have been provided via config, P2G will prompt the user via command line to enter all the missing credentials
   2. These credentials will then be encrypted by P2G (probably using triple des) and saved back to the config file for future use
   3. Pros:
      1. Simple implementation
      2. Easy to change the password for the user
   4. Cons:
      1. P2G source code provides all the necessary details to decrypt the password. A compromised system will not reveal any plain text credentials, but a targeted attack could still decrypt the values in the config file.
2. HashiCorp Vault
   1. Require users to run a self hosted Vault (source or docker)
   2. Users can setup an AppRole id and necessary credentials
   3. Users provide the AppRoleId to P2G in the config file
   4. P2G uses the AppRoleId to authenticate with Vault and fetch the credentials
   5. Links
      1. https://hub.docker.com/_/vault
   6. Pros:
      1. Removes all password management from P2G
      2. Allows user to configure custom credential policy to further protect the credentials in vault
      3. Allows user to configure preferred credential storage provider
   7. Cons:
      1. For Advanced users only
      2. Vault is fairly complicated and very much overkill
3. PowerShell Secret Store
   1. User must install and configure windows Secret Store and Secret Management
   2. P2G can access stored secrets at runtime
   3. Links
      1. https://devblogs.microsoft.com/powershell/secretmanagement-and-secretstore-are-generally-available/
   4. Pros
      1. native
   5. Cons
      1. Seems to have a lot of setup steps
      2. Is recommended for development env only, not for production use
4. Docker Secrets
   1. User sets up and configures docker secrets and provides those secrets to the P2G container
   2. P2G consumes the secretes
   3. Pros
      1. native
   4. Cons
   5. Requires all users to use Docker
   6. Docker secrets only supported on Docker Swarm env

Thoughts:

1. Personally, I am leaning towards option 1, the most basic one. This will significantly improve the security of the credentials with minimal effort.
2. Long term, I am interested in implementing HashiCorp Vault support, but primarily as a learning exercise, I'm not sure many people would choose to take advantage of it beyond myself.

[philosowaffle]

The solution for this is also different for Headless (console) vs UI users. UI implementation can be done now.

Console users need:

1. Prompt user for all 4 credentials if missing
2. Provide a way for the user to request these credentials be updated

UI users need:

1. pretty much nothing. P2G can passively start storing these credentials encrypted at rest.

[philosowaffle]

Closing. With V4 and Garth (#524) this will mostly be solved.

Currently the follow install methods do save encrypted creds at rest:

1. WebUI
2. ClientUI
3. Github action

The Headless Console flavor is the only impl that doesn't save encrypted creds.

Moving forward, Garth should let us get rid of saving credentials entirely.