LibCore+passwd+su+Base: Add /etc/shadow to hide hashes from users :^)

This patch moves the user account password hashes from /etc/passwd,
where they were world-readable, to /etc/shadow, where only root can
access them.

The Core::Account class is extended to support both authentication
against, and modification of /etc/shadow.

The default password for "anon" as of this commit is "foo" :^)

Userland/passwd.cpp

@@ -54,6 +54,11 @@ int main(int argc, char** argv)
         return 1;
     }
 
+    if (unveil("/etc/shadow", "rwc") < 0) {
+        perror("unveil");
+        return 1;
+    }
+
     unveil(nullptr, nullptr);
 
     bool del = false;
@@ -72,7 +77,9 @@ int main(int argc, char** argv)
 
     uid_t current_uid = getuid();
 
-    auto account_or_error = (username) ? Core::Account::from_name(username) : Core::Account::from_uid(current_uid);
+    auto account_or_error = (username)
+        ? Core::Account::from_name(username, Core::Account::OpenPasswdFile::ReadWrite, Core::Account::OpenShadowFile::ReadWrite)
+        : Core::Account::from_uid(current_uid, Core::Account::OpenPasswdFile::ReadWrite, Core::Account::OpenShadowFile::ReadWrite);
 
     if (account_or_error.is_error()) {
         fprintf(stderr, "Core::Account::%s: %s\n", (username) ? "from_name" : "from_uid", account_or_error.error().characters());

Userland/su.cpp

@@ -50,7 +50,9 @@ int main(int argc, char** argv)
     if (geteuid() != 0)
         fprintf(stderr, "Not running as root :(\n");
 
-    auto account_or_error = (user) ? Core::Account::from_name(user) : Core::Account::from_uid(0);
+    auto account_or_error = (user)
+        ? Core::Account::from_name(user, Core::Account::OpenPasswdFile::No, Core::Account::OpenShadowFile::ReadOnly)
+        : Core::Account::from_uid(0, Core::Account::OpenPasswdFile::No, Core::Account::OpenShadowFile::ReadOnly);
     if (account_or_error.is_error()) {
         fprintf(stderr, "Core::Account::from_name: %s\n", account_or_error.error().characters());
         return 1;