Redesign plugin configuration to work with --plugin-secret

[simonw]

While working on #7 (live demo) I realized that the suggested mechanism for keeping password hashes private - the --plugin-secret mechanism - doesn't actually work - because that mechanism only works for secrets at the root of the plugin configuration, not secrets that are nested further down.

This is a huge problem. Even hashed passwords should not be exposed as visible in metadata.json.

So I need a better solution to hiding them - a solution which is probably going to involve changes to Datasette core.

[simonw]

One possibility: make /-/metadata itself subject to a permission check, then document how to forbid access to it.

[simonw]

Potential short-term fix: redesign the datasette-auth-passwords plugin configuration to allow for passwords to be set at the root level of the config, e.g. as "user1_password_hash": "..."

[simonw]

OK, that's how I'm going to do this. New configuration format design:

{
    "plugins": {
        "datasette-auth-passwords": {
            "actors": {
                "user1": {
                    "id": "user1",
                    "name": "Your name"
                }
            },
            "user1_password_hash": {
                "$env": "HASH_1"
            }
        }
    }
}

[simonw]

This is really just a stop-gap measure unti SQL configuration is available in #6.

[simonw]

The "actors" bit will be optional - without it each actor will default to just {"id": "your_username"}