Handle custom AEM passwords #41

Closed
krystian-panek-vmltech opened this issue Jan 17, 2023 · 2 comments · Fixed by #43

@krystian-panek-vmltech
Contributor

The checker should be aware of the admin:admin pair being active before reaching the initial 30% of stable bundles (AEM auth is initialised at this stage).

@krystian-panek-vmltech krystian-panek-vmltech added this to the 1.0.0 milestone Jan 17, 2023
@krystian-panek-vmltech krystian-panek-vmltech added the improvement Improvement to an existing feature label Jan 17, 2023
@krystian-panek-vmltech
Contributor Author

krystian-panek-vmltech commented Jan 23, 2023

introduce aem user update-password --id admin --password <pwd>
if id == admin, then AEMC will internally store the password encrypted by salt

base:
  security:
    algorithm: AES256
    salt: <RANDOMLY_GENERATED_UPON_CONFIG_INIT>

or that salt could be set on nodes as the environment variable .Env.AEM_BASE_SALT

security constraints assumed:

  • when called from aemc-ansible, the file aem.yml with that salt will be only temporarily persisted on the VM; Ansible ensures that the file is cleaned up immediately after module execution
  • that file will be created with read-only permissions for the root user (the Ansible user who is executing the module); no one else will be able to read that value

AEMC should be able to rotate the admin password when used to check its stability, as:

  • AEM on first run, before reaching 30% of bundles stable, is using the default admin pwd instead of the target one (e.g. set by -Dadmin.passwordfile=), so that during a single AEMC command the 2 different passwords need to be used, and such a case needs to be supported
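
The file-handling constraints listed in the comment above (owner-only read permission, deletion right after use), sketched as an added example that is not part of the issue or of AEMC's code. The function names, the 32-byte hex salt and the choice of directory are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"os"
	"path/filepath"
)

// writeConfig creates the file owner-read-only; O_EXCL refuses an existing file or symlink.
func writeConfig(path, salt string) error {
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o400)
	if err != nil {
		return err
	}
	defer f.Close()
	_, err = fmt.Fprintf(f, "base:\n  security:\n    algorithm: AES256\n    salt: %s\n", salt)
	return err
}

// checkOwnerOnly is the reader-side check: reject a config that group or others can access.
func checkOwnerOnly(path string) error {
	fi, err := os.Lstat(path)
	if err != nil {
		return err
	}
	if perm := fi.Mode().Perm(); !fi.Mode().IsRegular() || perm&0o077 != 0 {
		return fmt.Errorf("%s: not an owner-only regular file (mode %04o)", path, perm)
	}
	return nil
}

// withTempConfig writes a fresh salt to dir/aem.yml, runs use, and always deletes the file.
func withTempConfig(dir string, use func(path string) error) error {
	raw := make([]byte, 32) // salt length is an assumption
	if _, err := rand.Read(raw); err != nil {
		return err
	}
	path := filepath.Join(dir, "aem.yml")
	if err := writeConfig(path, hex.EncodeToString(raw)); err != nil {
		return err
	}
	defer os.Remove(path)
	return use(path)
}

func main() {
	fmt.Println(withTempConfig(os.TempDir(), checkOwnerOnly))
}
```
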

@krystian-panek-vmltech
Contributor Author

implemented previous-password-less approach using oakrun;

only to be polished / that jansi error especially - https://issues.apache.org/jira/browse/OAK-5961

@tomasz-sobczyk-wttech WDYT?

I decided to embed oak-run into the aemc binary to avoid unexpected file downloads when oak-run is needed on password change; 50mb; what is interesting, only the 1.42 version works; newer ones are broken (corrupted jar file / not launchable, too small size)
