Makes it cleaner to re-use them outside of HTTP package.
Passwords stored in auth file can be bcrypt hashes of the password passed via the basic auth of the received request. However unmakred passwords will be considered plain text thus maintaining backward compatibility. Added testcases. Closes #395