support $POSTGRESQL_PASSWORD_ENCRYPTION env var

[praiskup]

After quick chat with @jesperpedersen, it sounds really desirable to have a way to setup "scram-sha-256" algorithm for password_encryption easily. It can not be set default since clients supporting this auth mechanism are not yet widespread, but per-deployment opt-in would be good.

[jesperpedersen]

password_encryption is the on-disk storage format. If you require scram-sha-256 for login then you replace md5 with scram-sha-256 in pg_hba.conf.

See https://www.postgresql.org/docs/10/static/auth-methods.html#AUTH-PASSWORD

Documentation for scram-sha-256 is at https://www.postgresql.org/docs/10/static/sasl-authentication.html#SASL-SCRAM-SHA-256

[jesperpedersen]

But, yeah - best leave it as an opt-in

[pkubatrh]

Could be added as an option for new instances. Let us try and take a look if we can introduce something in near future.

[fsdrw08]

any updates? the pg_hba.conf config action should seperate from

postgresql-container/16/root/usr/bin/run-postgresql

Lines 23 to 28 in f4d56eb

	if [ ! -f "$PGDATA/postgresql.conf" ]; then
	initialize_database
	PG_INITIALIZED=:
	else
	try_pgupgrade
	fi